The Best Security Is Based On Zero Trust

Uploaded on 2018-09-05 in TECHNOLOGY--Developments, NEWS-Cybersecurity News, FREE TO VIEW

The story of the Trojan Horse is a timeless lesson about what can happen when we make assumptions and trust the people that we shouldn’t. The Greeks were never going to be able to penetrate the walls of the city of Troy from the outside, so they had to devise a plan that would allow them to gain the trust of the Trojans in order for them to conquer the city from the inside.

Assuming this trust foiled the Trojans millennia ago; and the situation unfortunately is quite similar to the security posture of many networks today.

Data center security has traditionally been built around firewalls and other perimeter-based defenses that focus on keeping dangerous external forces out. However, when users with the right credentials get beyond these perimeter defenses, the architecture implicitly trusts them; and there is very little to impede that user’s movement once inside the network’s fortification. Therefore, the best way to truly secure data and workloads is by adopting a model that trusts nothing. This zero-trust security architecture is changing the game for data centers; and by understanding some of its key benefits, we can better protect our most critical organizational assets.

Erases Assumptions

Today, data center security is fraught with assumptions. We assume that if someone has the credentials to access the network then the network should trust the user. But what happens when those credentials are stolen? In that case, our assumptions have opened Pandora’s Box, and as the threat landscape continues to evolve and multi-tenant environments become increasingly complex, Pandora’s Box actually gets worse and worse.

Therefore, it is critical that we remove assumption from the security mindset altogether. In a zero-trust model, access is allocated on a per tenant, per application, and/or per workload basis. To that end, even if a user’s credentials are stolen, they are not free to access all parts of the network and instead can only see those resources defined for them. Additionally, in a zero-trust model, we are constantly evaluating a user’s digital identity so if abnormal behavior is recognized, the system can move quickly to change access or mitigate potential issues.

Increases Data Center Flexibility

Data centers are extremely complex networks with workloads operating across many different environments (private, public, hybrid) and multiple tenants all accessing resources. This kind of complexity makes simple perimeter defenses appealing to network managers from an investment and implementation perspective. However, it is that simplicity that opens data centers up to danger and keeps them rigid in their provisioning of resources.

One of the ancillary benefits of a zero-trust model is the flexibility that it provides to network managers. Since access can be allocated on a per tenant, per application, and/or per workload basis, we can better understand how system resources are used. Instead of having to dedicate resources for all users to the entire network, we can instead allocate only the resources required based on the individual access rules that are defined. In fact, some access does not even require network provisions and can be defined as peer-to-peer, thus freeing up even more precious network resources.

The Demise of the Firewall

Indeed, zero-trust security models require an extremely granular level of precision where each endpoint, IoT device, user, etc. is defined with its own access control. For a long time, this complexity made zero-trust security more of a dream than a reality as there was nothing that could orchestrate such complexity. Not to mention that no one could just remove the firewall and operate in a vacuum. However, as AI and machine learning has advanced, it is now possible to orchestrate zero-trust networking at a software level. AI is capable of examining behavior on a case by case basis and flagging or taking action against any abnormal behavior immediately. This ultimately means, that as zero-trust becomes widely implemented after the current firewall, data centers will come to realize that the firewall is redundant and therefore, it will cease to exist.

It is true that this final shift may still be a few years into the future, but by implementing zero-trust systems and policies now, data centers can begin realizing the benefits in security and flexibility while preparing themselves for the inevitable paradigm shift.

Not to mention that these data centers will be better protected against the kind of costly and debilitating cyber attacks that are becoming more and more prevalent today. The shift will require some investment and won’t happen overnight, but the benefits will be long lasting and far reaching.

DataCenter Knowledge:

You Might Also Read:

Powering The Future Of Artificial Intelligence

« Training Young Hackers To Stop Cybercrime
What Europe Can Do To Catch Dark Web Criminals »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ThetaRay

ThetaRay

ThetaRay’s solution for Industrial cyber security protects against unknown cyber-attacks that target industry and critical infrastructure.

PerimeterX

PerimeterX

PerimeterX is the leading provider of solutions that secure digital businesses against automated fraud and client-side attacks.

Balbix

Balbix

Balbix BreachControl™ is the industry’s first system to leverage specialized AI to provide comprehensive and continuous predictive assessment of breach risk.

Build38

Build38

Build38 provides the highest levels of security for mobile applications.

Institute of Informatics and Telematics (IIT)

Institute of Informatics and Telematics (IIT)

IIT carries out activities of research, assessment, technology transfer and training in the field of Information and Communication Technologies and of Computational Sciences.

Hubraum

Hubraum

Hubraum is Deutsche Telekom’s tech incubator, helping startups to create new business opportunities in areas including data analytics, AI, robot process automation and cyber security.

Cyberspace Solarium Commission (CSC)

Cyberspace Solarium Commission (CSC)

The Cyberspace Solarium Commission was established to develop a consensus on a strategic approach to defending the United States in cyberspace against cyber attacks of significant consequences.

Aristi Labs

Aristi Labs

Aristi Labs provides comprehensive security solutions to help businesses protect data and intellectual property, minimizing downtime and maximizing productivity.

Partners in Regulatory Compliance (PIRC)

Partners in Regulatory Compliance (PIRC)

Partners in Regulatory Compliance provides an array of cybersecurity services including cybersecurity policy management, risk assessments and regulatory compliance consulting.

Secura B.V.

Secura B.V.

Secura is an independent specialized cybersecurity expert, providing insights to protect valuable assets and data.

Epoch Concepts

Epoch Concepts

Offering a full line of IT services, solutions, and integration capabilities, Epoch Concepts is the trusted partner of the US military, federal agencies, private enterprises, and systems integrators.

ConvergePoint

ConvergePoint

ConvergePoint is the leading compliance software provider on the Microsoft Office 365 SharePoint platform.

National Centre for Digital Security (CNSD) - Peru

National Centre for Digital Security (CNSD) - Peru

The National Center for Digital Security manages and supervises the operation of Digital Security in Peru in order to strengthen digital trust.

ACDS (Advanced Cyber Defence Systems)

ACDS (Advanced Cyber Defence Systems)

ACDS was founded in the belief that cyber security can be done better. We’re combining emerging technologies and proven methods to bring a new approach to tackling the growing threat landscape.

SECTA5

SECTA5

SECTA5 is a cybersecurity company building a next-generation Continuous Threat and Exposure Management platform, leveraging the expertise of offensively trained cyber defenders.

Deimos

Deimos

Deimos is a technology, cloud, hybrid and multi-cloud focused, professional services company. Our expertise and focus is on cloud native Developer and Security Operations.