Advertisment

The Zero Trust Network or Zero Trust Architecture: The implementation effectiveness

We live in the age of Cloud, where cybersecurity threats can come from both inside and outside an organization. The Zero Trust Network can help.

author-image
Ashok Pandey
New Update
Zero Trust Network

We live in the age of cloud, where cybersecurity threats can come from both inside and outside an organization. We can't rely on firewalls, this is where the Zero Trust Network or Zero Trust Architecture approach can help.

Advertisment

In this model, you can’t trust anything, creating a new network or architecture to protect your data with strong encryption techniques. But is it really going to help you? What are the other benefits of implementing the Zero Trust Network?

We asked the same questions to security experts, and here what they want to say –

Jyoti Prakash, Country Director – Enterprise Security Business, Micro Focus India

Advertisment

Nowadays, organizations are proactively taking a zero-trust approach where they focus more on gaps and how people might exploit them. In such an environment, people assume that application access is potentially malicious. Instead of trying to control all the borders and endpoints, one creates an island of applications and data that can be protected in a focused manner. Zero-trust hence uses far more qualities to control access rather than standard strategies. This means a zero-trust mindset involves application control securely and efficiently.

Let’s assume a scenario where people have gone ahead and deployed based on the current threat landscape. Over some time, things have changed - the whole model from securing has moved to the application which has further moved into embedding the whole security.

That’s where the Zero Trust Architecture came into the picture, saying that these are the tools that you have built; that product or technology or solution is good enough to address any of the concerns. The thought process is very clear now - CIO & CISOs are looking forward to anything unknown as well.

Advertisment

That’s the reason why both, the thought process of evolving the whole infrastructure and complying with new guidelines are coming up so that it becomes a wholistic journey for an organization. By working together, CIOs & CISOs can minimize data breaches and improve the organization’s ability to contain and defend against cyber-attacks.

Prashant Gupta, Head of solutions South East Asia & INDIA, Verizon Business Group

The 2019 Verizon Data Breach Investigations Report found that 29% of the 2000 data breaches investigated involved stolen credentials with misconfiguration errors in the cloud which is increasing year-on-year, highlighting the limitations of relying solely on perimeter security controls to protect the corporate data.

Advertisment

The rising number of remote employees with access to sensitive corporate information such as regulated data, intellectual property, and corporate financial data, connecting via traditional virtual private network (VPN) technology - has led to the robust adoption of SDP. Today's digital, mobile, and virtual business applications continue to enhance collaboration and productivity, but they also increase potential exposure to security threats with each new endpoint.

SDP helps reduce these risks by making critical applications and resources invisible to everyone until the end-users and devices are authenticated and authorized.

Nitin Wali, Regional Director, Technical Services, Neustar

Advertisment

The zero trust model is seen as the new ‘secure by default’ design approach but needs to be considered from the start of any initiative. It’s more a mindset than purely a technical implementation and will change how you approach solving problems and designing both processes and technology platforms.

To ensure a safe and secure supply chain, businesses must adopt a “zero trust” approach with their providers. This means conducting a thorough risk assessment of your supply chain and making informed decisions based on evidence – including industry accreditations and standards – before bringing an organization into your ecosystem. Looking for industry standards, such as ISO 27001 certification and implementing a strong risk management framework, which includes supplier management is also now more critical than ever, and combined with a zero-trust approach, will provide a high maturity and protection level across your business.

It is only through such rigor that can you be confident that your suppliers take security as seriously as your organization does and protect you against threats. Business owners, however, need to balance the accompanying incremental costs of the “zero trust” model. For instance, in a large organization, this may not be an issue as they may have an operational budget for security however if you’re running a small business changing your IT architecture is not only costly and time-consuming. The unfortunate reality is good security practices are always negotiated against the cost.