Customers often ask us about digital transformation in the context of wanting to leverage the cloud, minimise their complexity, maximise mobility and eliminate on-premise infrastructure. From a security perspective, the answer lies in a conceptual framework called ‘Zero-Trust’, developed by Forrester Research analyst Jon Kindervag in 2009. Google have pioneered Zero-Trust, adopting it in their BeyondCorp project.
Zero-Trust challenges the traditional model, which enforces a perimeter security around the external, untrusted internet yet trusts everything on the inside of an organisation’s network.
The reality is that traditional architecture has become increasingly complex, not to mention vulnerable, due to many factors including mobility, BYOD and cloud workloads situated outside the perimeter.
Zero-Trust security, on the other hand, treats all network traffic as ‘untrusted’, instead seeking to ensure continual confirmation of user and end-point trust and by securing cloud data. The three tenants of Zero-Trust are that:
1. All resources must be accessed in a secure manner, regardless of location;
2. Access control is on a need-to-know basis and is strictly enforced; and,
3. Organisations must inspect and log all traffic to verify users are doing the right thing.
The dividend of Zero-Trust is a potentially ultra-light weight and highly flexible infrastructure built around the cloud that increases organisational security.
We see there being three core security technologies to bringing Zero-Trust into the SME market:
1. Identity and Access Management;
2. Cloud Security Platform (CASB); and,
3. End-Point Detection and Response.
To that end, we partner with (and proudly use) three of the best Zero-Trust platforms: Okta for its wide array of integrations and excellent usability, Netskope Cloud Security platform for its advanced CASB, DLP and web proxy functionality and Carbon Black for its superior anti-virus, threat detection, response and hunting functionality.
When it comes to a real-world deployment, however, what’s most important is that these three products have outstanding integration, making for a coherent, layered defence and efficient management. Simplicity, created by seamless integration and intuitive management interfaces, directly correlates to good security outcomes.
Despite the benefits of Zero-Trust security architecture, it is important to note that it comes with a catch that some organisations find tough. Using Zero-Trust means substantially increased monitoring of traffic between devices than in traditional models. As a result, addressing and creating security culture is a critical first step to strong security. Employees need to understand that what happens on work sanctioned devices and applications, including in the cloud, will be monitored. Once that hurdle is passed, Zero-Trust and its advantages of mobility and security become feasible for businesses of any size.
Read these four great resources to learn more about Zero-Trust:
Netskope – A six-step approach to zero-trust
Google’s BeyondCorp Architecture
Forrester blog on security cultural and Zero-Trust
Get in touch today to discuss how managed Zero-Trust security can enable your digital transformation.
Think this service suits your business? We work with a multitude of different industries across the board, so get in touch with us if you think you’re in the right area and would like to talk to one of our team about becoming cyber secure.