The Best Security Is Based On Zero Trust

Uploaded on 2018-09-05 in TECHNOLOGY--Developments, NEWS-Cybersecurity News, FREE TO VIEW

The story of the Trojan Horse is a timeless lesson about what can happen when we make assumptions and trust the people that we shouldn’t. The Greeks were never going to be able to penetrate the walls of the city of Troy from the outside, so they had to devise a plan that would allow them to gain the trust of the Trojans in order for them to conquer the city from the inside.

Assuming this trust foiled the Trojans millennia ago; and the situation unfortunately is quite similar to the security posture of many networks today.

Data center security has traditionally been built around firewalls and other perimeter-based defenses that focus on keeping dangerous external forces out. However, when users with the right credentials get beyond these perimeter defenses, the architecture implicitly trusts them; and there is very little to impede that user’s movement once inside the network’s fortification. Therefore, the best way to truly secure data and workloads is by adopting a model that trusts nothing. This zero-trust security architecture is changing the game for data centers; and by understanding some of its key benefits, we can better protect our most critical organizational assets.

Erases Assumptions

Today, data center security is fraught with assumptions. We assume that if someone has the credentials to access the network then the network should trust the user. But what happens when those credentials are stolen? In that case, our assumptions have opened Pandora’s Box, and as the threat landscape continues to evolve and multi-tenant environments become increasingly complex, Pandora’s Box actually gets worse and worse.

Therefore, it is critical that we remove assumption from the security mindset altogether. In a zero-trust model, access is allocated on a per tenant, per application, and/or per workload basis. To that end, even if a user’s credentials are stolen, they are not free to access all parts of the network and instead can only see those resources defined for them. Additionally, in a zero-trust model, we are constantly evaluating a user’s digital identity so if abnormal behavior is recognized, the system can move quickly to change access or mitigate potential issues.

Increases Data Center Flexibility

Data centers are extremely complex networks with workloads operating across many different environments (private, public, hybrid) and multiple tenants all accessing resources. This kind of complexity makes simple perimeter defenses appealing to network managers from an investment and implementation perspective. However, it is that simplicity that opens data centers up to danger and keeps them rigid in their provisioning of resources.

One of the ancillary benefits of a zero-trust model is the flexibility that it provides to network managers. Since access can be allocated on a per tenant, per application, and/or per workload basis, we can better understand how system resources are used. Instead of having to dedicate resources for all users to the entire network, we can instead allocate only the resources required based on the individual access rules that are defined. In fact, some access does not even require network provisions and can be defined as peer-to-peer, thus freeing up even more precious network resources.

The Demise of the Firewall

Indeed, zero-trust security models require an extremely granular level of precision where each endpoint, IoT device, user, etc. is defined with its own access control. For a long time, this complexity made zero-trust security more of a dream than a reality as there was nothing that could orchestrate such complexity. Not to mention that no one could just remove the firewall and operate in a vacuum. However, as AI and machine learning has advanced, it is now possible to orchestrate zero-trust networking at a software level. AI is capable of examining behavior on a case by case basis and flagging or taking action against any abnormal behavior immediately. This ultimately means, that as zero-trust becomes widely implemented after the current firewall, data centers will come to realize that the firewall is redundant and therefore, it will cease to exist.

It is true that this final shift may still be a few years into the future, but by implementing zero-trust systems and policies now, data centers can begin realizing the benefits in security and flexibility while preparing themselves for the inevitable paradigm shift.

Not to mention that these data centers will be better protected against the kind of costly and debilitating cyber attacks that are becoming more and more prevalent today. The shift will require some investment and won’t happen overnight, but the benefits will be long lasting and far reaching.

DataCenter Knowledge:

You Might Also Read:

Powering The Future Of Artificial Intelligence

« Training Young Hackers To Stop Cybercrime
What Europe Can Do To Catch Dark Web Criminals »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

ForgeRock

ForgeRock

ForgeRock, the leader in digital identity, delivers comprehensive Identity and Access Management solutions for consumers, employees and things to simply and safely access the connected world.

Resource Centre for Cyber Forensics (RCCF)

Resource Centre for Cyber Forensics (RCCF)

RCCF is a pioneering institute, pursuing research activities in the area of Cyber Forensics.

Emerson Electric Co

Emerson Electric Co

Emerson provides industrial automation systems and associated cybersecurity solutions to protect critical process control systems from cyber attack.

Sigma Payment Solutions

Sigma Payment Solutions

Sigma Payment Solutions offers a comprehensive suite of automated payment processing services, solutions, and technology to businesses in the USA.

Dermalog Identification Systems

Dermalog Identification Systems

Dermalog Identification Systems is a pioneer in biometry and the largest German manufacturer of biometric devices and systems.

Infopulse

Infopulse

Infopulse is a global provider of Software Engineering, Cloud & IT Infrastructure Management, and Cybersecurity services.

Verodin

Verodin

Verodin is a business platform that provides organizations with the evidence needed to measure, manage and improve their cybersecurity effectiveness.

Blueskytec (BST)

Blueskytec (BST)

Blueskytec has applied its experience of over three decades of working in the field of embedded systems and encryption to provide a scalable and appropriate technology for cyber-physical devices.

Kinetic Investments

Kinetic Investments

Kinetic Investments is a venture capital firm dedicated to early-stage companies that are transforming the digital landscape.

Easy Dynamics

Easy Dynamics

Easy Dynamics is a leading technology services provider with a core focus in Cybersecurity, Cloud Computing, and Information Sharing.

Tenet3

Tenet3

Tenet3's vision is to make optimal cyber strategy development tractable, data driven, with concrete success metrics. The result is cost effective cyber resilience for our customers.

Ontinue

Ontinue

Ontinue ION is an MXDR service that provides Nonstop SecOps through five key capabilities that enable your organization to respond to attacks and continuously reduce risk.

Digital Security Authority (DSA)

Digital Security Authority (DSA)

The establishment of the Digital Security Authority, which incorporates the National CSIRT, is crucial to significantly raising the cybersecurity posture and capabilities of Cyprus.

Mindflow

Mindflow

Mindflow is dedicated to bringing answers to the challenges the cybersecurity field and beyond face today.

FearsOff

FearsOff

FearsOff is a global information security company serving clients worldwide. White hat operators with a black hat mindset to emulate real world attacks and everchanging threat vectors.

GoCloud Systems

GoCloud Systems

GoCloud is an IT consulting firm. We provide IT strategy and cloud adoption services to the New Zealand Government, Non-Profit Organisations and private industry.