The Best Security Is Based On Zero Trust

The story of the Trojan Horse is a timeless lesson about what can happen when we make assumptions and trust the people that we shouldn’t. The Greeks were never going to be able to penetrate the walls of the city of Troy from the outside, so they had to devise a plan that would allow them to gain the trust of the Trojans in order for them to conquer the city from the inside.

Assuming this trust foiled the Trojans millennia ago; and the situation unfortunately is quite similar to the security posture of many networks today.

Data center security has traditionally been built around firewalls and other perimeter-based defenses that focus on keeping dangerous external forces out. However, when users with the right credentials get beyond these perimeter defenses, the architecture implicitly trusts them; and there is very little to impede that user’s movement once inside the network’s fortification. Therefore, the best way to truly secure data and workloads is by adopting a model that trusts nothing. This zero-trust security architecture is changing the game for data centers; and by understanding some of its key benefits, we can better protect our most critical organizational assets.

Erases Assumptions

Today, data center security is fraught with assumptions. We assume that if someone has the credentials to access the network then the network should trust the user. But what happens when those credentials are stolen? In that case, our assumptions have opened Pandora’s Box, and as the threat landscape continues to evolve and multi-tenant environments become increasingly complex, Pandora’s Box actually gets worse and worse.

Therefore, it is critical that we remove assumption from the security mindset altogether. In a zero-trust model, access is allocated on a per tenant, per application, and/or per workload basis. To that end, even if a user’s credentials are stolen, they are not free to access all parts of the network and instead can only see those resources defined for them. Additionally, in a zero-trust model, we are constantly evaluating a user’s digital identity so if abnormal behavior is recognized, the system can move quickly to change access or mitigate potential issues.

Increases Data Center Flexibility

Data centers are extremely complex networks with workloads operating across many different environments (private, public, hybrid) and multiple tenants all accessing resources. This kind of complexity makes simple perimeter defenses appealing to network managers from an investment and implementation perspective. However, it is that simplicity that opens data centers up to danger and keeps them rigid in their provisioning of resources.

One of the ancillary benefits of a zero-trust model is the flexibility that it provides to network managers. Since access can be allocated on a per tenant, per application, and/or per workload basis, we can better understand how system resources are used. Instead of having to dedicate resources for all users to the entire network, we can instead allocate only the resources required based on the individual access rules that are defined. In fact, some access does not even require network provisions and can be defined as peer-to-peer, thus freeing up even more precious network resources.

The Demise of the Firewall

Indeed, zero-trust security models require an extremely granular level of precision where each endpoint, IoT device, user, etc. is defined with its own access control. For a long time, this complexity made zero-trust security more of a dream than a reality as there was nothing that could orchestrate such complexity. Not to mention that no one could just remove the firewall and operate in a vacuum. However, as AI and machine learning has advanced, it is now possible to orchestrate zero-trust networking at a software level. AI is capable of examining behavior on a case by case basis and flagging or taking action against any abnormal behavior immediately. This ultimately means, that as zero-trust becomes widely implemented after the current firewall, data centers will come to realize that the firewall is redundant and therefore, it will cease to exist.

It is true that this final shift may still be a few years into the future, but by implementing zero-trust systems and policies now, data centers can begin realizing the benefits in security and flexibility while preparing themselves for the inevitable paradigm shift.

Not to mention that these data centers will be better protected against the kind of costly and debilitating cyber attacks that are becoming more and more prevalent today. The shift will require some investment and won’t happen overnight, but the benefits will be long lasting and far reaching.

DataCenter Knowledge:

You Might Also Read:

Powering The Future Of Artificial Intelligence

« Training Young Hackers To Stop Cybercrime
What Europe Can Do To Catch Dark Web Criminals »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Panda Security

Panda Security

Panda Security specializes in the development of endpoint security products and is part of the WatchGuard portfolio of IT security solutions.

KFSensor

KFSensor

KFSensor is an advanced 'honeypot' intrusion and insider threat detection system for Windows networks.

LEXFO

LEXFO

LEXFO specializes in the security of information systems, assisting clients in protecting information assets using an offensive and innovative approach.

MNCERT/CC

MNCERT/CC

MNCERT/CC is the national Computer Emergency Response Team for Mongolia.

Nixu

Nixu

Nixu is the largest Nordic specialist company in information security consulting.

Vysk Communications

Vysk Communications

Vysk is an award-winning mobile security firm that has developed the world’s most secure system for voice communication.

Altron

Altron

Altron provides locally relevant innovative and integrated ICT solutions to business, government and consumers.

CyberSaint Security

CyberSaint Security

CyberSaint’s CyberStrong Platform empowers organizations to implement automated, intelligent cybersecurity compliance and risk management.

IntaPeople

IntaPeople

IntaPeople are IT and engineering recruitment specialists. We have specialist teams for job sectors including Cybersecurity, IT infrastructure and DevOps.

Madrona Venture Group

Madrona Venture Group

Madrona Venture Group invests in seed and early-stage technology companies in areas including cybersecurity.

Gray Analytics

Gray Analytics

Gray Analytics is a Cybersecurity Risk Management company providing best-practice services across a broad spectrum of cyber scenarios for both government and commercial customers.

Evina

Evina

Evina offers the most advanced cybersecurity and fraud protection for mobile payment.

Mosyle

Mosyle

Businesses and educational institutions rely on Mosyle to manage and secure their Apple devices and networks.

DartPoints

DartPoints

DartPoints helps bridge the digital divide by delivering cloud, colocation, managed services + edge infrastructure.

Mutare

Mutare

For three decades, Mutare has been empowering organizations to re-imagine a better way to connect through our transformative voice security, digital voice and text messaging solutions.

Beround

Beround

Beround is an IT consultancy firm specialized in software testing.