The Best Security Is Based On Zero Trust

Uploaded on 2018-09-05 in TECHNOLOGY--Developments, NEWS-Cybersecurity News, FREE TO VIEW

The story of the Trojan Horse is a timeless lesson about what can happen when we make assumptions and trust the people that we shouldn’t. The Greeks were never going to be able to penetrate the walls of the city of Troy from the outside, so they had to devise a plan that would allow them to gain the trust of the Trojans in order for them to conquer the city from the inside.

Assuming this trust foiled the Trojans millennia ago; and the situation unfortunately is quite similar to the security posture of many networks today.

Data center security has traditionally been built around firewalls and other perimeter-based defenses that focus on keeping dangerous external forces out. However, when users with the right credentials get beyond these perimeter defenses, the architecture implicitly trusts them; and there is very little to impede that user’s movement once inside the network’s fortification. Therefore, the best way to truly secure data and workloads is by adopting a model that trusts nothing. This zero-trust security architecture is changing the game for data centers; and by understanding some of its key benefits, we can better protect our most critical organizational assets.

Erases Assumptions

Today, data center security is fraught with assumptions. We assume that if someone has the credentials to access the network then the network should trust the user. But what happens when those credentials are stolen? In that case, our assumptions have opened Pandora’s Box, and as the threat landscape continues to evolve and multi-tenant environments become increasingly complex, Pandora’s Box actually gets worse and worse.

Therefore, it is critical that we remove assumption from the security mindset altogether. In a zero-trust model, access is allocated on a per tenant, per application, and/or per workload basis. To that end, even if a user’s credentials are stolen, they are not free to access all parts of the network and instead can only see those resources defined for them. Additionally, in a zero-trust model, we are constantly evaluating a user’s digital identity so if abnormal behavior is recognized, the system can move quickly to change access or mitigate potential issues.

Increases Data Center Flexibility

Data centers are extremely complex networks with workloads operating across many different environments (private, public, hybrid) and multiple tenants all accessing resources. This kind of complexity makes simple perimeter defenses appealing to network managers from an investment and implementation perspective. However, it is that simplicity that opens data centers up to danger and keeps them rigid in their provisioning of resources.

One of the ancillary benefits of a zero-trust model is the flexibility that it provides to network managers. Since access can be allocated on a per tenant, per application, and/or per workload basis, we can better understand how system resources are used. Instead of having to dedicate resources for all users to the entire network, we can instead allocate only the resources required based on the individual access rules that are defined. In fact, some access does not even require network provisions and can be defined as peer-to-peer, thus freeing up even more precious network resources.

The Demise of the Firewall

Indeed, zero-trust security models require an extremely granular level of precision where each endpoint, IoT device, user, etc. is defined with its own access control. For a long time, this complexity made zero-trust security more of a dream than a reality as there was nothing that could orchestrate such complexity. Not to mention that no one could just remove the firewall and operate in a vacuum. However, as AI and machine learning has advanced, it is now possible to orchestrate zero-trust networking at a software level. AI is capable of examining behavior on a case by case basis and flagging or taking action against any abnormal behavior immediately. This ultimately means, that as zero-trust becomes widely implemented after the current firewall, data centers will come to realize that the firewall is redundant and therefore, it will cease to exist.

It is true that this final shift may still be a few years into the future, but by implementing zero-trust systems and policies now, data centers can begin realizing the benefits in security and flexibility while preparing themselves for the inevitable paradigm shift.

Not to mention that these data centers will be better protected against the kind of costly and debilitating cyber attacks that are becoming more and more prevalent today. The shift will require some investment and won’t happen overnight, but the benefits will be long lasting and far reaching.

DataCenter Knowledge:

You Might Also Read:

Powering The Future Of Artificial Intelligence

« Training Young Hackers To Stop Cybercrime
What Europe Can Do To Catch Dark Web Criminals »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

CybelAngel

CybelAngel

CybelAngel is a leading digital risk protection platform that detects and resolves external threats before these wreak havoc.

DocAuthority

DocAuthority

DocAuthority automatically discovers and accurately identifies unprotected, sensitive documents, enabling a broad yet business-friendly security policy.

Entersekt

Entersekt

Entersekt is an innovator in push-based authentication and app security.

SecureMetric Technology

SecureMetric Technology

SecureMetric is one of SE Asia’s leading players in the field of digital security with a focus on Software Licensing Protection, 2-Factor Authentication, Advanced Identity and Access Management, Publi

Intertrust Technologies

Intertrust Technologies

Intertrust Technologies is a software company specializing in trusted computing products and services.

ACPL Systems

ACPL Systems

We offer leading-edge technology solutions, expert professional and managed services and proven methodologies to ensure your data is protected and business risks are reduced.

Relution

Relution

Relution is the Unified Endpoint Management platform for innovative companies and educational institutions. It enables you to manage your mobile apps and devices easily and securely.

Nova Leah

Nova Leah

Nova Leah helps connected medical device manufacturers meet cybersecurity compliance requirements throughout the entire product lifecycle.

Astaara

Astaara

Astaara is an integrated insurance services and risk management advisory business incorporating cyber risk advisory, underwriting and analytics.

Wiser Market

Wiser Market

Wiser Market is a leading company in global online brand protection services, intellectual property protection, anti-Counterfeit & trademark infringements.

KirkpatrickPrice

KirkpatrickPrice

KirkpatrickPrice is dedicated to providing you with innovative security guidance and efficient audit services.

Narf Industries

Narf Industries

Narf Industries are a small group of reverse engineers, vulnerability researchers and tool developers that specialize in tailored solutions for government and large enterprises.

Brunswick Group

Brunswick Group

Brunswick is a critical issues firm. We advise the world’s leading companies on how to navigate the critical issues they face and engage with their critical stakeholders.

COGITANDA Dataprotect

COGITANDA Dataprotect

COGITANDA are a group of companies focused on dealing with cyber risks, managing them and insuring them.

AKIPS

AKIPS

AKIPS develops the world's most scalable network and infrastructure monitoring software, delivered as a turn-key software appliance.

Orca Tech

Orca Tech

Orca Tech brings together a portfolio of complimentary vendor in the IT security industry to help provide a complete solution to meet the requirements of our Partners across all sectors.