By: Amr Alashaal, Regional Vice President, Middle East at A10 Networks
In the late ‘80s through the early ‘90s, network security was simple: once an entity (a person, a machine, a process) was inside the envelope of your network and had authenticated with your security service (typically the computer you were using), it was assumed to be trustworthy from then on. This security architecture is called perimeter security. It worked well enough because networks had few or no external connections and the network itself wasn’t complicated.
This simple architecture couldn’t last. By the late ‘90s, these networks were connecting to the internet, and websites and email became mainstream. By the 2000s, hundreds of service providers were offering Software-as-a-Service (SaaS), which has since become a strategic component of enterprise business operations. The envelope of the network is no longer clearly defined, and network security challenges have become correspondingly more complex.
To sum up the state of network security to around 2010:
- The network no longer had a single, unbroken network perimeter. It had become “porous” to support mobile and remote workers, as well as business partners and new third-party services.
- “One and done” authentication of entities requesting access became inadequate for the new and more complex network security demands.
- You could no longer assume that anyone on your network, including your staff, could be trusted.
A Better Network Security Architecture
The realities of 21st-century enterprise networking required a new paradigm and in 2010, John Kindervag, an analyst at Forrester Research, wrote a paper that popularized the idea of the Zero Trust architecture. Over the next few years, as enterprise computing evolved to embrace cloud computing and the problems with perimeter security became more pressing, the concept of the Zero Trust architecture gained traction.
The fundamental concept of the Zero Trust architecture is simple: Never trust, always verify.
To reiterate, Zero Trust security architectures are based on not trusting anyone or anything on your network by default. Network access is not granted until the network knows exactly who, and what, is asking. Moreover, every access attempt by any entity must be validated at multiple points throughout the network, so that no unauthorised entity can move into the network (north-south) or laterally within it (east-west) without being detected.
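To make “never trust, always verify” concrete, here is an added example in Python (not code from the original article or from A10 Networks) that contrasts a perimeter-style decision with a per-request Zero Trust decision. The policy table, resource and group names, device-posture fields and thresholds are all assumptions constructed for the illustration; the point is that every request is evaluated from scratch and that a resource with no policy entry is unreachable by default.

```python
"""Per-request access decisions: perimeter model versus Zero Trust.

Added illustration; the policy, resource and group names, device-posture
fields and thresholds are assumptions, not any product's real policy.
"""
from dataclasses import dataclass
from typing import FrozenSet, Tuple


@dataclass(frozen=True)
class AccessRequest:
    user: str
    groups: FrozenSet[str]      # entitlements from the identity provider
    device_managed: bool        # enrolled in device management?
    device_patched: bool        # posture check passed?
    mfa_age_s: int              # seconds since the user last completed MFA
    src_segment: str            # network segment the request arrives from
    resource: str
    action: str


# Policy keyed by resource. A resource with no entry is unreachable:
# default deny is what turns each entry into a "micro-perimeter".
POLICY = {
    "payroll-db": {
        "groups": {"finance"},
        "actions": {"read", "write"},
        "segments": {"corp-wired", "vpn"},   # None would mean "any segment"
        "max_mfa_age_s": 15 * 60,
        "require_patched": True,
    },
    "wiki": {
        "groups": {"staff", "contractor"},
        "actions": {"read"},
        "segments": None,
        "max_mfa_age_s": 8 * 3600,
        "require_patched": False,
    },
}


def perimeter_decide(req: AccessRequest) -> Tuple[bool, str]:
    """The late-'80s model: being inside the network is the only check."""
    inside = req.src_segment in {"corp-wired", "vpn"}
    return (True, "inside the perimeter") if inside else (False, "outside")


def zero_trust_decide(req: AccessRequest) -> Tuple[bool, str]:
    """Evaluate every request from scratch; location alone grants nothing.
    The first failing check wins so that the reason can be logged."""
    rule = POLICY.get(req.resource)
    if rule is None:
        return False, "no policy for resource: default deny"
    if not req.device_managed:
        return False, "unmanaged device"
    if rule["require_patched"] and not req.device_patched:
        return False, "device failed posture check"
    if not (req.groups & rule["groups"]):
        return False, "identity not entitled to resource"
    if req.action not in rule["actions"]:
        return False, f"action {req.action!r} not permitted"
    if req.mfa_age_s > rule["max_mfa_age_s"]:
        return False, "MFA too old: step-up authentication required"
    if rule["segments"] is not None and req.src_segment not in rule["segments"]:
        return False, "source segment not permitted for this resource"
    return True, "allow"


def compare(req: AccessRequest) -> dict:
    """Return both verdicts so the difference between the models is visible."""
    return {"perimeter": perimeter_decide(req), "zero_trust": zero_trust_decide(req)}


if __name__ == "__main__":
    # Constructed sample: a finance user on the wired LAN whose MFA is stale.
    # The perimeter model lets this through; Zero Trust demands step-up auth.
    stale = AccessRequest("alice", frozenset({"finance", "staff"}), True, True,
                          mfa_age_s=3600, src_segment="corp-wired",
                          resource="payroll-db", action="read")
    print(compare(stale))
```

In a real deployment the identity, posture and MFA inputs come from the identity provider and device-management agent and are re-fetched per request or per short-lived session, which is what makes “one and done” authentication go away.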
Making a Zero Trust network really work requires in-depth traffic inspection and analytics. Central to this is the use of SSL/TLS inspection solutions that decrypt and analyze encrypted traffic (sometimes called “break and inspect”) to enforce policy on what would otherwise be opaque flows. Two practical caveats apply: break and inspect only works for endpoints that trust the inspection device’s certificate authority, and the device must validate upstream certificates at least as strictly as the client would, otherwise it weakens rather than strengthens the security of the traffic it handles; and policy should exempt categories such as banking or healthcare traffic where privacy obligations apply.
By inspecting decrypted traffic for suspicious communications, malware payloads and attempts to exfiltrate controlled data (for example, credit card and social security numbers), SSL inspection makes it possible for the Zero Trust model to do what it is supposed to do: protect networks from both internal and external threats.
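As an added example of the exfiltration check described above (not code from the original article or from A10 Networks), the Python below scans a decrypted request body the way a simplified data-loss-prevention rule on an inspection device would: it looks for payment card numbers and US Social Security numbers, then uses a Luhn check and SSA issuance rules to suppress false positives such as order numbers and dates. The sample body, field names and rules are constructed assumptions; the Visa test number 4111111111111111 is used because it is publicly known to pass Luhn.

```python
"""Scan a decrypted request body for controlled data (card numbers, SSNs).

Added illustration of the exfiltration check in the text; the sample body
and the regex/validation rules are constructed for this example and are far
simpler than a production DLP engine.
"""
import re
from typing import Dict, List, Union

# 13-19 digits, optionally separated by single spaces or dashes, and not
# embedded in a longer run of digits.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# US SSN in the common AAA-GG-SSSS form.
SSN_RE = re.compile(r"(?<!\d)(\d{3})-(\d{2})-(\d{4})(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check; filters most random digit runs (order ids, timestamps)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def valid_ssn(area: str, group: str, serial: str) -> bool:
    """Reject area/group/serial values the SSA never issues."""
    a = int(area)
    if a == 0 or a == 666 or a >= 900:
        return False
    return int(group) != 0 and int(serial) != 0


def scan_payload(payload: Union[str, bytes]) -> Dict[str, List[str]]:
    """Return normalized card numbers and SSNs found in a decrypted payload."""
    text = payload.decode("utf-8", errors="replace") if isinstance(payload, bytes) else payload
    cards = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        # All-identical digits (e.g. sixteen zeros) pass Luhn but are never real cards.
        if 13 <= len(digits) <= 19 and len(set(digits)) > 1 and luhn_ok(digits):
            cards.append(digits)
    ssns = [m.group(0) for m in SSN_RE.finditer(text) if valid_ssn(*m.groups())]
    return {"cards": cards, "ssns": ssns}


def should_block(findings: Dict[str, List[str]]) -> bool:
    """Policy hook: any controlled data in an outbound body blocks the flow."""
    return any(findings.values())


# Constructed sample: what an inspection device might see after decrypting an
# outbound HTTPS POST. "ref" is a 16-digit order id that fails Luhn, so it is
# not reported; the phone number and date never match either pattern.
SAMPLE_BODY = (b"name=alice&card=4111 1111 1111 1111&ref=1234567890123456"
               b"&ssn=123-45-6789&phone=555-123-4567&ship=2024-10-31")

if __name__ == "__main__":
    found = scan_payload(SAMPLE_BODY)
    print(found, "BLOCK" if should_block(found) else "ALLOW")
```

A production engine would add context (field names, surrounding keywords), per-application allow-lists, and handling for content encodings and file formats; the value of the example is in showing why validation rules, not bare pattern matches, decide whether an inspection device blocks a flow.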
5 Reasons Why You Need to Migrate to a Zero Trust Security Architecture
If you haven’t started down the path of reengineering your network to become a Zero Trust network, here are five crucial reasons to do so:
- The complexity of your network—the number of users, where they work, the devices they use, the number of workloads, your use of SaaS, adoption of a hybrid cloud environment, and so on—is just going to increase. A Zero Trust network reduces the complexity of securing your assets and makes it much easier to isolate problems.
- Because the complexity of your network is increasing rapidly, your security perimeter will, and maybe already does, look like Swiss cheese. Consequently, the attack surface of the network has expanded and the only practical way to reduce your level of vulnerability is to start establishing micro-perimeters and micro-segments to regain control.
- Third-party services such as SaaS and PaaS should not be implicitly trusted. It only takes a single breach of a single over-trusted third-party service to compromise your network assets. Creating robust micro-perimeters around these services is an absolute must.
- The internet is, essentially, an unsecured network and cyberattacks from amateurs, organized crime, and hostile state actors are increasing rapidly. In addition, the costs of mitigating a breach or a ransomware attack have increased enormously. The financial risks have become profound and will become the driving force in IT budgeting.
- Insider threats have also increased rapidly. Managing a mix of employees working from home and from branch offices as well as providing access to suppliers and other business partners requires robust and well-structured security controls.
If you’ve started down the path to a Zero Trust network, are you moving fast enough? Could you move faster? Does the C-suite understand the issues and is it willing to fund a strategy that might be all that stands between business success and irreversible failure?
If you’ve not yet started to plan and implement a Zero Trust architecture, why not?