How a Zero Trust Platform Approach Takes Security to the Next Level
Many organizations aim to achieve zero trust, but the solutions they implement may not always get them there. In fact, a recent survey found that while most organizations surveyed said they had implemented or were in the process of implementing a zero trust strategy, more than half lacked the ability to authenticate users and devices on an ongoing basis. Trusting too much could have disastrous – and costly – results. IBM estimates that the global average cost of a data breach is currently $4.24 million.
It’s no surprise that more organizations are trying to move from implicit trust to zero trust. The idea of “zero trust” sounds wonderful from a security perspective – and it is. People have been talking about it intensely for several years, but organizations are still struggling with it. That’s partly because it’s not just something you can buy off the shelf, and partly because of the confusion. Zero trust involves several things, so it’s important to define our terms upfront to avoid confusion and arrive at a solid solution.
In its most basic form, zero trust involves explicitly verifying a user or device before granting access to a resource. This verification may include user identity, role, location, time of day, device identity, device posture, and device history. It must take place on an ongoing basis, and the access granted must relate only to the requested resource. Zero trust removes the broad, network-wide access that has been common for years.
What a Zero Trust Implementation Means
Zero trust is not something you go shopping for one day and finish by noon. It’s much more of a journey – a marathon where you start by assessing where you are and then you start thinking about where you want to go next. But it’s a multi-year journey and, quite honestly, one that you never fully complete. You will always seek to reinforce your zero trust approach and apply these zero trust principles to your network.
This raises the question: does zero trust require a drastic upgrade or just the addition of software components? The answer is: it depends on what you already have. Sometimes it’s more about setting up your network and enabling features that already exist. For example, some firewall and VPN solutions include zero trust network access (ZTNA) features that simply need to be enabled.
ZTNA replaces standard VPN technologies for application access by getting rid of the excessive trust that legacy VPN needs to enable connections and collaboration between partners or employees. While maintaining tight access control, ZTNA also helps manage access to corporate resources for the extended workforce, including partners, vendors, or potentially acquired businesses.
The Zero Trust Mindset
For some zero trust use cases, it may be necessary to replace some existing products. It depends on the technology in question: what an organization already has in its network determines whether it needs a disruptive re-architecting or just a different configuration.
But first and foremost, zero trust at a high level is really a philosophy, a new mindset, a new way of thinking about how to architect and secure your network. After that, it’s about figuring out how to bring the right architectures and products to your network to fully realize zero trust.
It is important to bring zero trust to how users access applications. Zero trust also applies to devices trying to access resources, and to servers that talk to each other. The zero trust philosophy will affect the entire network and the users and devices on it, but it also requires the ability to have controls around those assets.
Additionally, zero trust involves the ability to segment and micro-segment, so that once a user or device authenticates, they only have access to the particular resource they need.
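The per-request verification and per-resource access described above can be sketched as a policy decision function. This is an added example, not code from the article or from any vendor's product; the resource names, rule fields and sample requests are constructed assumptions.

```python
from dataclasses import dataclass, replace
from datetime import time

# Constructed policy: one rule per resource; anything without a rule is denied.
POLICY = {
    "payroll-app": {"roles": {"finance"}, "countries": {"US", "CA"},
                    "hours": (time(7, 0), time(19, 0)), "managed_only": True},
    "wiki": {"roles": {"finance", "engineering"}, "countries": None,
             "hours": None, "managed_only": False},
}

@dataclass(frozen=True)
class Request:
    user: str               # verified user identity
    role: str
    country: str            # location signal
    at: time                # time of day of this request
    device_id: str          # verified device identity
    device_managed: bool
    device_compliant: bool  # posture, e.g. patched and disk-encrypted
    resource: str           # the single resource being requested

def decide(req):
    """Return (allowed, reason) for one request; run on every access."""
    rule = POLICY.get(req.resource)
    if rule is None:
        return False, "no rule for resource (default deny)"
    if req.role not in rule["roles"]:
        return False, "role not permitted"
    if rule["countries"] is not None and req.country not in rule["countries"]:
        return False, "location not permitted"
    hours = rule["hours"]
    if hours is not None and not (hours[0] <= req.at <= hours[1]):
        return False, "outside permitted hours"
    if rule["managed_only"] and not req.device_managed:
        return False, "unmanaged device"
    if not req.device_compliant:
        return False, "device posture check failed"
    return True, "allow " + req.resource + " only"

if __name__ == "__main__":
    first = Request("alice", "finance", "US", time(9, 30), "laptop-17",
                    True, True, "payroll-app")
    print(decide(first))                                   # verified, in policy
    print(decide(replace(first, device_compliant=False)))  # posture changed mid-session
    print(decide(replace(first, resource="hr-db")))        # grant does not extend
```

Because the decision is recomputed for every request, a device that falls out of compliance loses access on its next request, and an allow for one resource says nothing about any other.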
The platform approach
As organizations turn to more platform approaches for a variety of IT purposes, it becomes easier to select a platform that enables zero trust. When companies are asked why they don’t implement zero trust, one of the top reasons cited is the complexity of getting all the pieces to work together to enable granular authentication, ongoing verification and monitoring.
It can be confusing and resource-intensive to integrate several diverse point products to create a do-it-yourself solution. A huge benefit of opting for a platform approach to deploying zero trust is the reduced burden on the IT organization.
One of the industry’s problems for years has been the shortage of IT professionals trained and able to support these cybersecurity networks. With automation and integration already built in, a Zero Trust platform actually reduces the workload on the IT organization and makes staff more effective and efficient.
Take back control
The pandemic has pushed many employees to work remotely. Today, many companies are faced with a situation where employees work from anywhere: at home, in the office, while traveling and in cafes. The rise of the work-from-anywhere model has expanded the attack surface, making user data and devices more susceptible to cyber risks. This is one of the reasons zero trust is becoming so important now and why organizations want to learn how to deploy it in their networks.
Zero trust is a long-term philosophy that incorporates many parts, and those parts can be difficult to find and integrate. This is why the platform approach that has become popular for so many IT solutions is perfectly suited to zero trust.
Copyright © 2022 IDG Communications, Inc.