If the past year has taught us anything, it’s that trusting a device simply because it originates from inside a corporate network is not a good idea. If an endpoint is unmanaged, it leaves the company vulnerable to attack. The move to widespread remote and distributed workforces highlights this challenge.
Unsurprisingly, the idea of zero trust has been widely discussed as a means to combat this threat. This approach ensures data access and usage are protected by understanding the flow of data and its importance, and by monitoring all activities around it. As a protective model, zero trust does not put a wall around networks and applications, but around employees and their devices, so it can protect remote environments at scale.
It sounds ideal. But the reality is that expertise in zero trust is limited and, according to a recent National Security Agency report, the first potential challenge is a lack of full support throughout the enterprise, possibly from leadership, administrators, or users.
In our experience working with customers, many enterprise IT security teams lack the confidence to implement it with their current security technology. Their concerns revolve around their existing infrastructure which today is often complex and may incorporate multiple servers and internal and third-party applications running in more than one data centre, or on different clouds.
Making changes that will meet with zero trust protocols could be demanding both from a time and cost perspective, and this has been a barrier to adoption.
Committing to zero trust means assessing where the major security risks are in the existing enterprise environment and understanding the flow of data. Without being able to clearly define the micro perimeter, it is hard to build a program that addresses the risks and allows controls to be put in place.
Clearly sensitive data assets, where they are stored and who uses them, should take priority, and inform policies about access control. Organizations adopting zero trust must extend it to all parts of their infrastructure for it to be truly effective.
Securing all critical components
The Domain Name System (DNS), Dynamic Host Configuration Protocol (DHCP) and IP Address Management (IPAM), commonly known as DDI, may be a good place to start.
DDI are critical components of any network and a key enabler of transactions. They form part of the attack surface for cyber criminals, but they also have a key role to play in enabling zero trust architectures for application and access networking infrastructure, and they offer some distinct advantages.
Given the reluctance of enterprises to embark on making huge changes to their existing systems, they will find that DDI can make their networks and applications more secure without the need for a massive overhaul, or a change in how multiple devices interface with the network. On the contrary, it can be the first point in establishing shared trust policies and provide a single pane of glass view across the network to bridge any gaps in coverage.
Software-defined DDI makes the implementation process easier for DevSecOps teams to automatically orchestrate and manage their DDI deployments as part of their overall application and network infrastructure and to automate zero trust and network policies in general.
This gives them multiple security and operational benefits including the elimination of configuration anomalies due to manual errors; improved version control, and vastly enhanced performance of applications thanks to instantly executed traffic steering capabilities.
Change in mindset
Enterprises considering the security of their remote workers or moving to a hybrid working model will realise huge advantages by switching to zero trust. It will be necessary to adopt a change in mindset with employees ready to provide further authentication if they want to access specific data or denied access due to a vulnerability. At the same time, IT and security departments will no longer be able to consider everything behind the firewall to be safe.
Using DDI to help with the switch means being able to integrate with multiple enterprise applications, which ensures uniform control and seamlessly routed traffic, which can be blocked, if necessary, to protect the company from threats.
Most importantly, enterprises must look beyond the supposed barriers and focus on the threats that grow by the day. Network environments are becoming more complex and distributed and zero trust principles are one of the most effective barriers to security breaches.
With all components of the infrastructure, not just security solutions, included, zero trust will protect the enterprise both internally and externally, regardless of where people, applications or networks reside.