Secure enterprise cloud assets with Zero Trust deployment models


Jun 16, 2021, 10:29:11 AM Tech and Science

With the increase in remote working and organizations migrating their digital assets to the cloud, the emphasis on building a solid foundation has grown significantly, and Zero Trust security has come to the forefront. Though the concept of Zero Trust is not new, not enough organizations have adopted it in IT and security. The concept of identity-centric protection isn't new either; however, most breaches are due to compromised identities, which is leading organizations to adopt Zero Trust architecture to secure cloud applications and digital assets used by remote employees, contractors, and partners.

Rise in eCrimes

A report suggests a rise in eCrime intrusions from 69% in 2019 to 79% in 2020, showing how the shift to remote work during the pandemic has increased the attack surface available to eCriminals, who continue to monetize their victims. Zero Trust architecture reflects a philosophical shift in cybersecurity planning: it seeks to replace VPN solutions by making trust decisions based on the identity of a user or device rather than location. The following guide to Zero Trust architecture offers some deployment models as use cases:

1. Secure access from users working remotely

There's no doubt that modern agencies must support remote devices. A secure access service can handle the shift from traditional perimeter security to a decentralized model, allowing secure access to resources from any location.

2. Multi-Cloud Environments and Cloud-to-Cloud Connectivity

Organizations often operate in an environment composed of many cloud services, each with its own native security capabilities. These capabilities don't necessarily align with traditional on-premises controls. Cybersecurity professionals who deal with multi-cloud environments need to weigh the pros and cons of native versus traditional solutions and align the controls in a coherent manner.

3. Access to Network Based on Contextual Information

Employees, contractors, and remote workers need to access enterprise cloud environments, often with devices that aren't managed by enterprise security controls. Network access control technology allows organizations to regulate access based on identity as well as contextual information, and to limit access based on the scenario. At certain times, devices can be given limited access or isolated on special-purpose networks.

4. Identity Management Across Enterprise Network and Devices

Employees access cloud resources to collaborate constantly, and that connection needs to be safe and secure. Organizations should implement cybersecurity controls like Software Defined Perimeter that let employees use their verified identities so that they are shown only those resources that are available to them.

5. Differentiate Managed and Unmanaged Devices

Once the user's authentication is trusted, we have to make sure that we tie authentication to the user's device. There's a big difference between a user authenticating from a company-owned device that's compliant with the organizational policies and the same user authenticating from their personal device without any security measures.

The ability to differentiate between managed and unmanaged devices is critical when looking into the context of the access request. The compliance and risk identified on the devices can be leveraged to determine the level of access allowed for any given request.
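The access decision described in models 3 to 5 can be sketched as a small policy function. This is an added example, not code from the original article; the user names, resources, tiers and the risk threshold of 70 are all assumptions made for illustration. Network location is deliberately not an input.

```python
from dataclasses import dataclass
from enum import IntEnum

class Access(IntEnum):
    DENY = 0
    ISOLATED = 1  # special-purpose network only, no enterprise resources
    LIMITED = 2   # low-sensitivity resources only
    FULL = 3

@dataclass(frozen=True)
class Request:
    user: str
    identity_verified: bool  # the identity provider confirmed the login
    device_managed: bool     # company-owned and enrolled
    device_compliant: bool   # meets organizational policy
    device_risk: int         # 0-100, constructed scale for this example
    resource: str

# Constructed sample data: per-user entitlements and the tier each resource needs.
ENTITLEMENTS = {"alice": {"wiki", "payroll"}, "bob-contractor": {"wiki"}}
REQUIRED_TIER = {"wiki": Access.LIMITED, "payroll": Access.FULL}
HIGH_RISK = 70  # assumed threshold

def device_ceiling(req):
    """Highest tier the device posture allows, whoever the user is."""
    if req.device_risk >= HIGH_RISK:
        return Access.ISOLATED
    if req.device_managed and req.device_compliant:
        return Access.FULL
    return Access.LIMITED

def decide(req):
    """Return (granted tier, requested resource reachable). Unknown resources need FULL."""
    # Deny by default: unverified identity or no entitlement means no access.
    if not req.identity_verified:
        return Access.DENY, False
    if req.resource not in ENTITLEMENTS.get(req.user, set()):
        return Access.DENY, False
    tier = device_ceiling(req)
    return tier, tier >= REQUIRED_TIER.get(req.resource, Access.FULL)

def visible_resources(req):
    """Resources shown to this user on this device (req.resource is ignored)."""
    if not req.identity_verified:
        return set()
    tier = device_ceiling(req)
    return {r for r in ENTITLEMENTS.get(req.user, set())
            if tier >= REQUIRED_TIER.get(r, Access.FULL)}
```

The same verified user gets a different answer on a personal device than on a compliant managed one, and a high-risk device is isolated regardless of who is using it.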

These models provide ideas about deploying ZTA in organizations that seek modern techniques and methods for productivity and collaboration among employees. However, these are just templates rather than clear blueprints. The practical scenario across organizations is complex, and they will need to blend these models in a way that aligns with their business activities and strategies. Organizations also need to consider the ongoing management and operational effectiveness of their security controls, regardless of their architecture.

It's good to try things out first; migrating the entire organization to a new access paradigm all at once could be impossible. Such a process can raise concerns from different parties and stakeholders. To successfully implement Zero Trust Access, you will have to slowly build the stakeholders' trust in the Zero Trust security model and tackle each concern as it comes. Luckily, the migration process can be easily managed in stages.

Published by donnaalbright
