ZTNA in SSE: What Zero Trust is Not?

What Zero Trust is Not

Zero Trust is all the rage these days, but what does it actually mean? People seem to throw the term around without really understanding it. In this blog post, we’ll explore what Zero Trust is not and provide some clarity on the topic. Stay tuned!


Forrester Research pioneered the notion of zero-trust security eight years ago, with the goal of establishing a new paradigm for application access: one that treats all users and all networks as untrusted.

Zero trust necessitates a rethinking of network security. It moves away from a network perimeter–based paradigm and toward one that is more user- and application-centric.

Unfortunately, some researchers and companies still describe zero trust the way they did eight years ago: connecting users to the network, permitting inbound access to apps, and exposing application IP addresses to the internet.

With internal applications migrating to the cloud and users accessing them from outside the LAN, the demand for zero trust has never been higher. Meeting it means IT must now consider five elements beyond authenticating passwords through an identity provider (IdP).

Inbound connections to internal apps should never be permitted.

When application IP addresses are exposed on the public internet, they become targets for DDoS and other internet-based attacks. Zero trust keeps applications entirely invisible to the internet: the application never accepts an inbound connection, connectivity is established outbound from the application side, and each internal application is treated as its own isolated access environment.
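One concrete check for this principle, written for this post as an added example (not the post's own code and not any vendor's): it audits security-group records in the shape that `aws ec2 describe-security-groups` returns, flags every inbound rule that admits the whole internet, and contrasts the exposed group with the ZTNA-style layout in which the application's group has no inbound rules at all because a connector beside the app dials out to the broker, and the database is reachable only from that connector's group. The group names, IDs and the broker address are constructed for the example.

```python
"""Audit security-group rules for inbound exposure to the internet.

Added example, not code from the original post. It assumes security
groups in the shape printed by `aws ec2 describe-security-groups`
(GroupId, GroupName, IpPermissions, IpPermissionsEgress). The three
groups below are constructed: an app open on 443 to the world, the same
app behind a ZTNA connector with no inbound rules, and a database that
accepts connections only from the connector's group.
"""
import ipaddress

SAMPLE_GROUPS = [
    {   # "before": the app listens on 443 for anyone on the internet
        "GroupId": "sg-0a1b2c3d",
        "GroupName": "hr-app-exposed",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
             "Ipv6Ranges": [{"CidrIpv6": "::/0"}], "UserIdGroupPairs": []},
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "203.0.113.0/24"}],
             "Ipv6Ranges": [], "UserIdGroupPairs": []},
        ],
        "IpPermissionsEgress": [
            {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
             "Ipv6Ranges": [], "UserIdGroupPairs": []},
        ],
    },
    {   # "after": no inbound at all; the connector dials out to the broker
        "GroupId": "sg-0e4f5a6b",
        "GroupName": "hr-app-ztna-connector",
        "IpPermissions": [],
        "IpPermissionsEgress": [
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "IpRanges": [{"CidrIp": "198.51.100.10/32"}],  # hypothetical broker
             "Ipv6Ranges": [], "UserIdGroupPairs": []},
        ],
    },
    {   # backend reachable only from the connector group, never from a CIDR
        "GroupId": "sg-0c7d8e9f",
        "GroupName": "hr-db",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
             "IpRanges": [], "Ipv6Ranges": [],
             "UserIdGroupPairs": [{"GroupId": "sg-0e4f5a6b"}]},
        ],
        "IpPermissionsEgress": [],
    },
]


def is_internet_wide(cidr):
    """True for 0.0.0.0/0, ::/0 or any other prefix of length 0.

    The prefix length is checked directly: the question is "does this
    rule admit every address", not how ipaddress classifies the range.
    """
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def describe_ports(perm):
    """Render an IpPermission's protocol/port span for a finding."""
    if perm["IpProtocol"] == "-1":
        return "all"
    lo, hi = perm["FromPort"], perm["ToPort"]
    proto = perm["IpProtocol"]
    return f"{proto}/{lo}" if lo == hi else f"{proto}/{lo}-{hi}"


def internet_exposed_rules(group):
    """Inbound rules of one group whose source is the whole internet."""
    findings = []
    for perm in group.get("IpPermissions", []):
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            if is_internet_wide(cidr):
                findings.append((describe_ports(perm), cidr))
    return findings


def inbound_sources(group):
    """Classify every inbound source: 'internet', 'cidr' (address-based
    trust, still not zero trust) or 'group' (reachable only from another
    security group, e.g. the connector). An empty set means no inbound."""
    kinds = set()
    for perm in group.get("IpPermissions", []):
        for r in perm.get("IpRanges", []) + perm.get("Ipv6Ranges", []):
            cidr = r.get("CidrIp") or r.get("CidrIpv6")
            kinds.add("internet" if is_internet_wide(cidr) else "cidr")
        if perm.get("UserIdGroupPairs"):
            kinds.add("group")
    return kinds


def audit(groups):
    """Map GroupId -> internet-exposed inbound rules, for groups that have any."""
    report = {}
    for g in groups:
        found = internet_exposed_rules(g)
        if found:
            report[g["GroupId"]] = found
    return report


if __name__ == "__main__":
    for gid, rules in audit(SAMPLE_GROUPS).items():
        for ports, cidr in rules:
            print(f"{gid}: inbound {ports} open to {cidr}")
```

Run against real output by loading the `SecurityGroups` array from `aws ec2 describe-security-groups --output json`; a group in the `audit` report fails the "no inbound connections" rule outright, and a group whose `inbound_sources` contains `cidr` is still trusting addresses rather than identities.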

App-level segmentation of access

App-level segmentation, also known as micro-segmentation, requires encrypted micro-tunnels that are created on demand, per user and per session, and that connect the user to one authorized application rather than to a network segment. It replaces the layered, complex network segmentation of the perimeter model.

Never put users on the network.

Connecting to an application should no longer require access to the network it runs on. By decoupling applications from the network, the internet becomes the new corporate network, which gives a more secure, perimeter-less approach to application access.

Suspicious activity should be monitored and reported to a SIEM.

To limit exposure, IT must be able to see user activity in real time. Feeding logs to a SIEM automatically lets a company bring the capabilities of its SOC to bear immediately, instead of relying on batch cron jobs with limited, IP- and port-centric visibility from legacy solutions such as VPNs.

Discover new applications.

Zero trust should apply not only to known applications but also to unknown ones. Teams must therefore be able to discover applications they did not know about and apply the same zero trust access controls to them as to every known application.
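To make the last two points concrete (feeding a SIEM and discovering unknown applications), here is an added example that is not from the original post or any product: it parses constructed broker access logs, lists applications that users reached but that the policy inventory does not cover, counts denied-request bursts per user, and renders each event as a CEF line for syslog delivery to a SIEM. The log field names, the application inventory and the CEF vendor/product strings are assumptions made for the example.

```python
"""Stream ZTNA access events to a SIEM and surface unknown applications.

Added example, not code from the original post or any vendor product.
It assumes the broker writes one JSON object per line with the fields
ts, user, device, app, port, action and policy; the lines below, the
inventory and the CEF vendor/product header are all constructed.
"""
import json
from collections import Counter, defaultdict
from datetime import datetime

SAMPLE_LOG = """\
{"ts":"2024-03-04T09:12:01Z","user":"alice@example.com","device":"d-1001","app":"hr.internal.example.com","port":443,"action":"allow","policy":"hr-staff"}
{"ts":"2024-03-04T09:12:07Z","user":"bob@example.com","device":"d-1002","app":"git.internal.example.com","port":443,"action":"allow","policy":"eng"}
{"ts":"2024-03-04T09:13:40Z","user":"bob@example.com","device":"d-1002","app":"legacy-erp.internal.example.com","port":8443,"action":"allow","policy":"discovery"}
{"ts":"2024-03-04T09:14:02Z","user":"carol@example.com","device":"d-1003","app":"legacy-erp.internal.example.com","port":8443,"action":"allow","policy":"discovery"}
{"ts":"2024-03-04T09:15:11Z","user":"mallory@example.com","device":"d-2001","app":"hr.internal.example.com","port":443,"action":"deny","policy":"hr-staff"}
{"ts":"2024-03-04T09:15:13Z","user":"mallory@example.com","device":"d-2001","app":"git.internal.example.com","port":443,"action":"deny","policy":"eng"}
{"ts":"2024-03-04T09:15:16Z","user":"mallory@example.com","device":"d-2001","app":"finance.internal.example.com","port":443,"action":"deny","policy":"finance"}
"""

# Application inventory the access policy was written for (constructed).
KNOWN_APPS = {"hr.internal.example.com", "git.internal.example.com",
              "finance.internal.example.com"}


def parse_log(text):
    """Parse newline-delimited JSON, skipping blank or malformed lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # a real pipeline would count these for the SOC
    return events


SAMPLE_EVENTS = parse_log(SAMPLE_LOG)


def discover_unknown_apps(events, known):
    """Apps users reached that the inventory does not list, with the users
    who touched each. These need an explicit policy, not a blind allow."""
    seen = defaultdict(set)
    for e in events:
        if e["app"] not in known:
            seen[e["app"]].add(e["user"])
    return {app: sorted(users) for app, users in seen.items()}


def denied_bursts(events, threshold):
    """Users with at least `threshold` denied requests in the batch."""
    denies = Counter(e["user"] for e in events if e["action"] == "deny")
    return {u: n for u, n in denies.items() if n >= threshold}


def cef_time(ts):
    """ISO-8601 UTC timestamp -> epoch milliseconds, the form CEF's rt expects."""
    dt = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    return int(dt.timestamp() * 1000)


def _cef_ext(value):
    """Escape an extension value: backslash first, then '=', then newlines."""
    return (str(value).replace("\\", "\\\\").replace("=", "\\=")
            .replace("\r", " ").replace("\n", " "))


def to_cef(event):
    """Render one event as a CEF line a SIEM can ingest over syslog.

    Header: CEF:Version|Vendor|Product|Version|SignatureID|Name|Severity|
    The vendor/product names are placeholders, not a real product.
    """
    sev = 7 if event["action"] == "deny" else 2
    fields = [
        ("rt", cef_time(event["ts"])),
        ("suser", event["user"]),
        ("deviceExternalId", event["device"]),
        ("dhost", event["app"]),
        ("dpt", event["port"]),
        ("act", event["action"]),
        ("cs1Label", "policy"),
        ("cs1", event["policy"]),
    ]
    ext = " ".join(f"{k}={_cef_ext(v)}" for k, v in fields)
    return f"CEF:0|ExampleCo|ZTNA Broker|1.0|app-access|{event['action']}|{sev}|{ext}"


if __name__ == "__main__":
    print("unknown apps:", discover_unknown_apps(SAMPLE_EVENTS, KNOWN_APPS))
    print("denied bursts:", denied_bursts(SAMPLE_EVENTS, 3))
    for e in SAMPLE_EVENTS:
        print(to_cef(e))
```

Each event is forwarded as it arrives rather than in a nightly batch, and the two summaries show what the broker knows that a VPN log never does: which application was requested, by which identity, on which device, and whether the application is even under policy yet.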

The Zero Trust Ecosystem

The zero trust concept requires integrating modern security solutions into an ecosystem. A software-defined perimeter (SDP) solution sits at the center of it. Gartner now calls this category zero trust network access (ZTNA), which covers cloud-delivered services that connect users to internal applications over the internet rather than through network firewalls and appliances.

Here are some of the other stakeholders in the zero trust security ecosystem:

Identity providers (for example, Azure AD, Okta, Ping, and Centrify):

These authentication providers integrate with the SDP by issuing SAML assertions that carry user attributes; they are used to consolidate identities, simplify management, and grant authorized access to applications.

Mobile device management systems (such as Intune, AirWatch, MobileIron, and Good Technology) can push the SDP agent silently onto endpoints, ensuring that all connectivity from iOS, Android, Windows, and Mac devices goes through zero trust access.
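Putting the identity-provider and MDM pieces together with the per-app segmentation described earlier, the following added example (not the post's own code and not any product's) parses a constructed SAML assertion for a `groups` attribute and makes a default-deny, per-application decision that also requires a managed device where the app's policy says so; the grant it returns names one application, not a network. The assertion contents, application names, policy table and timestamps are made up for the example, and the assertion's signature is assumed to have been verified before this step.

```python
"""Per-application authorization from IdP attributes and device posture.

Added example, not code from the original post or any SDP product. It
assumes the IdP issues a SAML 2.0 assertion carrying a "groups"
attribute and that the MDM reports whether the device is managed. The
assertion, the app policy and the timestamps below are constructed.
Signature validation of the assertion is out of scope here and must
happen before anything in this module is trusted.
"""
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_c0ffee" Version="2.0" IssueInstant="2024-03-04T09:00:00Z">
  <saml:Issuer>https://idp.example.com</saml:Issuer>
  <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="groups">
      <saml:AttributeValue>hr-staff</saml:AttributeValue>
      <saml:AttributeValue>all-employees</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="email">
      <saml:AttributeValue>alice@example.com</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

# One entry per application: each app is its own segment, with its own
# required group and device-posture rule. Anything not listed is denied.
APP_POLICY = {
    "hr.internal.example.com":   {"groups": {"hr-staff"},      "managed_device": True},
    "git.internal.example.com":  {"groups": {"eng"},           "managed_device": True},
    "wiki.internal.example.com": {"groups": {"all-employees"}, "managed_device": False},
}

SESSION_TTL = timedelta(minutes=15)   # grants are short-lived, per session
SAMPLE_NOW = datetime(2024, 3, 4, 9, 0, tzinfo=timezone.utc)  # fixed clock for the example


def parse_assertion(xml_text):
    """Return (subject NameID, {attribute name: [values]}).

    The stdlib parser is fine for this constructed assertion; untrusted
    SAML should go through defusedxml and a signature check first.
    """
    root = ET.fromstring(xml_text)
    name_id = root.findtext("saml:Subject/saml:NameID", namespaces=SAML_NS)
    attrs = {}
    for attr in root.iterfind(".//saml:Attribute", SAML_NS):
        values = [v.text for v in attr.iterfind("saml:AttributeValue", SAML_NS)]
        attrs[attr.get("Name")] = values
    return name_id, attrs


def authorize(app, subject, attrs, device_managed, now=None):
    """Default-deny, per-app decision. Returns a session grant scoped to
    exactly one application, or None."""
    rule = APP_POLICY.get(app)
    if rule is None:
        return None                       # unknown app: no implicit access
    if rule["managed_device"] and not device_managed:
        return None                       # right user, untrusted device
    if not rule["groups"] & set(attrs.get("groups", [])):
        return None                       # user not entitled to this app
    issued = now or datetime.now(timezone.utc)
    return {
        "user": subject,
        "app": app,                       # one app, not a network or subnet
        "expires": (issued + SESSION_TTL).isoformat(),
    }


if __name__ == "__main__":
    subj, attrs = parse_assertion(SAMPLE_ASSERTION)
    for app in ("hr.internal.example.com", "git.internal.example.com",
                "other.internal.example.com"):
        print(app, authorize(app, subj, attrs, device_managed=True, now=SAMPLE_NOW))
```

The order of the checks is deliberate: an application absent from the policy table is refused before any identity is consulted, which is what "apply zero trust to unknown applications" means in practice, and a valid user on an unmanaged device gets nothing for an app whose policy demands MDM enrolment.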

SIEM providers (for example, Splunk, LogRhythm, and EventTracker):

SIEM is a core technology in the corporate SOC: it provides visibility into user behavior and consumes audit logs from the SDP to identify suspicious activity.

IaaS platforms:

Platforms such as Azure, AWS, and Google Cloud Platform, to which many internal applications are now moving, offer their own native security controls, such as AWS Security Groups. Teams can combine these with a purpose-built SDP solution to provide secure access to cloud applications in hybrid and multi-cloud environments.
