Johna Till Johnson
October 15, 2018
Most CISOs have heard about zero-trust security. Leading-edge digital native organizations including Google have re-invented cybersecurity, and in the process upended our most cherished beliefs about how to protect data, applications, and the rest of the enterprise environment.
Zero trust relies on—demands—a deeper level of knowledge of systems and data, so that it is possible to put meaningful boundaries around systems and users everywhere. The network is still hugely important to implementing security, but instead of a few barriers at various network chokepoints, the focus is on centrally managed, policy-driven, deeply segmented communications. Large threat surfaces created by complex security rule sets are replaced by many smaller surfaces controlled by simpler rules, easier to understand, plan, create, and maintain. Network security interacts with and reinforces system and data protections.
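The following Python sketch illustrates the shift described above: rather than one large rule set at a chokepoint, each segment carries its own short, default-deny allowlist keyed on workload identity, and anything the policy rejects is surfaced as a detection candidate. This is an added example, not code from the Nemertes paper or from any product it discusses; the segment names, identities, ports and flow records are all constructed.

```python
"""Toy zero-trust policy evaluator: per-segment allow rules, default deny.

Added illustration, not code from the Nemertes paper. Segment names,
identities, ports and the sample flow log below are all constructed.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    src_identity: str   # workload identity, not an IP address
    dst_segment: str
    dst_port: int
    proto: str = "tcp"


# Policy is keyed by the *destination* segment, so each segment's exposure
# is described by its own short rule list (constructed example data).
POLICY: dict[str, list[Rule]] = {
    "db": [
        Rule("svc:orders-api", "db", 5432),
    ],
    "app": [
        Rule("svc:web-frontend", "app", 8443),
    ],
    "web": [
        Rule("edge:load-balancer", "web", 443),
    ],
    "mgmt": [],  # nothing may reach mgmt over the network in this example
}


@dataclass
class Decision:
    allowed: bool
    reason: str
    rule: Optional[Rule] = None


def evaluate(src_identity: str, dst_segment: str, dst_port: int,
             proto: str = "tcp") -> Decision:
    """Default-deny: a flow is allowed only by an explicit rule on the destination segment."""
    rules = POLICY.get(dst_segment)
    if rules is None:
        return Decision(False, f"unknown destination segment {dst_segment!r}")
    for rule in rules:
        if (rule.src_identity == src_identity
                and rule.dst_port == dst_port
                and rule.proto == proto):
            return Decision(True, "matched explicit allow rule", rule)
    return Decision(False,
                    f"no rule in segment {dst_segment!r} permits "
                    f"{src_identity} -> {dst_port}/{proto}")


def largest_segment_policy() -> int:
    """Largest per-segment rule count: the biggest surface anyone has to reason about."""
    return max(len(rules) for rules in POLICY.values())


# Constructed flow records, shaped like what a policy engine or telemetry pipeline sees.
SAMPLE_FLOWS = [
    ("svc:orders-api", "db", 5432, "tcp"),
    ("svc:web-frontend", "db", 5432, "tcp"),  # frontend skipping the app tier
    ("svc:web-frontend", "app", 8443, "tcp"),
    ("user:laptop-17", "mgmt", 22, "tcp"),     # nothing is permitted into mgmt
    ("svc:orders-api", "db", 5432, "udp"),     # right peer, wrong protocol
]


def denied_flows(flows=SAMPLE_FLOWS) -> list[tuple]:
    """Return the flows the policy rejects; each is a candidate alert for the SOC."""
    return [flow for flow in flows if not evaluate(*flow).allowed]


if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        decision = evaluate(*flow)
        print("ALLOW" if decision.allowed else "DENY ", flow, "-", decision.reason)
    print("largest per-segment rule set:", largest_segment_policy())
```

Because every segment's policy is evaluated independently, reviewing the exposure of the database tier means reading one short list rather than tracing a path through a chokepoint firewall's combined rule base; the same per-segment decision log doubles as the input for detection.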
Zero trust therefore upends our basic understanding of how best to protect data, systems, and users. It requires a radical re-thinking of networks, including the roles—and even the existence—of conventional, separate routers, firewalls, DDoS defenses, network segmentation solutions, and all other familiar network elements. Security functions, increasingly virtualized and modularized in the form of virtual appliances and virtualized network functions, are implemented throughout the infrastructure as needed.
Zero trust also places security automation at the heart of security operations, and brings with it all the benefits of automation: reliability, agility, and scalability. It does all this while reducing both capital and operational costs on the network, through virtualization and consolidation of network appliances. It also enables virtualized security functionality to be embedded into network functions such as routers—making the network secure from within.
Finally, zero trust also drives reduced operating costs, especially by eliminating, simplifying, or automating management and maintenance tasks, at lower cost and with reduced risk.
IT professionals should immediately:
- explore the opportunity to embrace zero trust in their environments;
- identify where to begin implementing zero trust principles;
- seek technologies that can help them implement coordinated, integrated protections around data and systems, and within the network;
- build a business case for zero trust in the network around cost reductions, risk reduction, and agility.
Table of Contents
- Executive Summary
- Trends and Background
- Security Now
- Limitations of the Current Approach
- Zero Trust Overview
- Zero Trust: The Basics
- The Importance of Automation
- Zero Trust and the Network
- Automated, Centralized Policy Management
- Deep Segmentation
- Nested Segmentation
- End-to-End Stateful Session Management
- Integrated Encryption
- Virtualization and Consolidation of Network and Security Functions
- Secure Routing Fabrics
- Business Value of Zero-Trust Security
- Improved Risk Mitigation and Security Posture
- Reduced Costs: Capital and Operational
- Improved Agility