The Best Security Is Based On Zero Trust

The story of the Trojan Horse is a timeless lesson about what can happen when we make assumptions and trust the people that we shouldn’t. The Greeks were never going to be able to penetrate the walls of the city of Troy from the outside, so they had to devise a plan that would allow them to gain the trust of the Trojans in order for them to conquer the city from the inside.

Assuming this trust foiled the Trojans millennia ago; and the situation unfortunately is quite similar to the security posture of many networks today.

Data center security has traditionally been built around firewalls and other perimeter-based defenses that focus on keeping dangerous external forces out. However, when users with the right credentials get beyond these perimeter defenses, the architecture implicitly trusts them; and there is very little to impede that user’s movement once inside the network’s fortification. Therefore, the best way to truly secure data and workloads is by adopting a model that trusts nothing. This zero-trust security architecture is changing the game for data centers; and by understanding some of its key benefits, we can better protect our most critical organizational assets.

Erases Assumptions

Today, data center security is fraught with assumptions. We assume that if someone has the credentials to access the network then the network should trust the user. But what happens when those credentials are stolen? In that case, our assumptions have opened Pandora’s Box, and as the threat landscape continues to evolve and multi-tenant environments become increasingly complex, Pandora’s Box actually gets worse and worse.

Therefore, it is critical that we remove assumption from the security mindset altogether. In a zero-trust model, access is allocated on a per tenant, per application, and/or per workload basis. To that end, even if a user’s credentials are stolen, they are not free to access all parts of the network and instead can only see those resources defined for them. Additionally, in a zero-trust model, we are constantly evaluating a user’s digital identity so if abnormal behavior is recognized, the system can move quickly to change access or mitigate potential issues.

Increases Data Center Flexibility

Data centers are extremely complex networks with workloads operating across many different environments (private, public, hybrid) and multiple tenants all accessing resources. This kind of complexity makes simple perimeter defenses appealing to network managers from an investment and implementation perspective. However, it is that simplicity that opens data centers up to danger and keeps them rigid in their provisioning of resources.

One of the ancillary benefits of a zero-trust model is the flexibility that it provides to network managers. Since access can be allocated on a per tenant, per application, and/or per workload basis, we can better understand how system resources are used. Instead of having to dedicate resources for all users to the entire network, we can instead allocate only the resources required based on the individual access rules that are defined. In fact, some access does not even require network provisions and can be defined as peer-to-peer, thus freeing up even more precious network resources.

The Demise of the Firewall

Indeed, zero-trust security models require an extremely granular level of precision where each endpoint, IoT device, user, etc. is defined with its own access control. For a long time, this complexity made zero-trust security more of a dream than a reality as there was nothing that could orchestrate such complexity. Not to mention that no one could just remove the firewall and operate in a vacuum. However, as AI and machine learning has advanced, it is now possible to orchestrate zero-trust networking at a software level. AI is capable of examining behavior on a case by case basis and flagging or taking action against any abnormal behavior immediately. This ultimately means, that as zero-trust becomes widely implemented after the current firewall, data centers will come to realize that the firewall is redundant and therefore, it will cease to exist.

It is true that this final shift may still be a few years into the future, but by implementing zero-trust systems and policies now, data centers can begin realizing the benefits in security and flexibility while preparing themselves for the inevitable paradigm shift.

Not to mention that these data centers will be better protected against the kind of costly and debilitating cyber attacks that are becoming more and more prevalent today. The shift will require some investment and won’t happen overnight, but the benefits will be long lasting and far reaching.

DataCenter Knowledge:

You Might Also Read:

Powering The Future Of Artificial Intelligence

« Training Young Hackers To Stop Cybercrime
What Europe Can Do To Catch Dark Web Criminals »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

Applicure Technologies

Applicure Technologies

Applicure Technologies develops the leading multi-platform web application security software products to protect web sites and web applications from external and internal attacks.

IT Security House

IT Security House

IT Security House is a leading European supplier of Cyber Security Intelligence and eCrime services.

Langner

Langner

Langner is a software and consulting firm specialized in cyber security for critical infrastructure and large-scale manufacturing.

Absolute IT Asset Disposals

Absolute IT Asset Disposals

Absolute IT Asset Disposals is an IT asset disposal (ITAD) company providing safe and secure recycling of IT assets.

Resilience Cyber Insurance Solutions

Resilience Cyber Insurance Solutions

Resilience Cyber Insurance combines insurance expertise with cybersecurity and data talent to deliver clear, effective solutions to protect you for the cyberrisks of today—and tomorrow.

LogMeIn

LogMeIn

LogMeIn makes it possible for millions of people and businesses around the globe to do their best work simply and securely—on any device, from any location and at any time.

Valarian

Valarian

Valarian (formerly Worldr) is on a mission to build cutting-edge solutions that empower borderless collaboration in the new era of digital sovereignty.

TheGreenBow

TheGreenBow

TheGreenBow is a trusted VPN software company. We help organizations and individuals become cyber-responsible. For this, we design and develop reliable and easy-to-use solutions.

Quartz Network

Quartz Network

Quartz Network is a curated community for change-makers, up-and-comers, and professionals who are ready to grow, adapt, and thrive.

Skyhawk Security

Skyhawk Security

Skyhawk Security is the originator of Cloud threat Detection and Response (CDR), helping hundreds of users map and remediate sophisticated threats to cloud infrastructure in minutes.

ThrottleNet

ThrottleNet

ThrottleNet provides world-class managed IT services and cybersecurity to organizations in St. Louis and throughout Missouri.

MyKRIS Asia

MyKRIS Asia

MyKRIS specialise in providing and managing Internet network services and cyber security services to enterprises.

Security Compliance Associates (SCA)

Security Compliance Associates (SCA)

The sole focus of SCA is safeguarding critical information and complying with information security regulations.

Cakewalk

Cakewalk

Cakewalk is the new standard in easy Access Control. Trusted by IT & Security teams. Loved by employees.

Defendis

Defendis

Defendis develops AI-powered cybersecurity solutions for Government Agencies, Banks, and Businesses, designed to helps them contain data leaks, minimise damage, and proactively hunt for new threats.

TELUS

TELUS

TELUS provide Canadian businesses with the services and solutions they need to securely thrive in a digital world. Partner with a cybersecurity leader you can rely on.