Intelligent CIO LATAM Issue 06 | Page 42

FEATURE : ZERO TRUST
resources that are necessary for their role or job. After a user is identified, access to any other resources is only provided on a case-by-case basis.
This strategy starts with CISOs mandating breach-resistant identification and authentication. User identities can be compromised either through the brute-force breaking of weak passwords or by using social engineering tactics such as email phishing. To improve security, many enterprises are adding multi-factor authentication (MFA) to their login processes. MFA includes something the user knows, such as a username and password, along with something the user has, such as a token device that generates a single-use code or a software-based token generator.
Once the identity of a user is authenticated through user log-in, multi-factor input, or certificates, it's then tied to a role-based access control (RBAC) system that matches an authenticated user to specific access rights and services.

Peter Newton, Senior Director of Product Marketing, Fortinet

THE MOST EFFECTIVE STRATEGY IS A HOLISTIC APPROACH THAT DELIVERS VISIBILITY AND CONTROL BY FOCUSING ON THREE KEY AREAS.
CISOs need to make sure that security processes avoid being so complicated or onerous that they hamper productivity or user experiences. ZTA solutions that are fast and support single sign-on (SSO) can help improve compliance and adoption.
2. What is on the network
Because of the massive increase in applications and devices, the network perimeter is expanding and potentially billions of Edges must now be managed and protected. For an effective ZTA strategy, CISOs need to manage the explosion of devices resulting from the Internet of Things (IoT) and Bring Your Own Device (BYOD) strategies. These devices might be anything from end-user phones and laptops to servers, printers and IoT devices such as HVAC controllers or security badge readers.
To understand what devices are on the network at any given point in time, CISOs also need to implement network access control (NAC) tools that can automatically identify and profile every device as it requests network access, in addition to scanning it for vulnerabilities. To minimize the risk of device compromise, NAC processes need to be completed in seconds and provide consistent operations across both wired and wireless networks. Any NAC solution also should be easy to deploy from a central location, so it won't require sensors at every device location.
Although it's important to enforce access control for all devices, IoT devices are particularly challenging because they are typically low-power, small form factor devices without the memory or CPU to support security processes. They also often aren't compatible with endpoint security tools. Because access control can't be performed on the devices themselves, the network itself needs to provide security.
As they consider ZTA solutions, CISOs need to make IoT control a priority. Access control through the network involves micro-segmenting the network with next-generation firewalls (NGFWs) and grouping similar IoT devices together to harden the network. This approach breaks up the lateral (east-west) path through the network, so it's more difficult for hackers and worms to gain access to connected devices. It also reduces the risk that a hacker can use an infected device as a vector to attack the rest of the network.
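To make the first two areas concrete, here is an added illustration (not code from the article or from Fortinet) of a default-deny access decision that chains the checks described above: both MFA factors, NAC device profiling and vulnerability scan, a micro-segmentation rule for IoT, and finally an RBAC lookup with case-by-case exceptions. The roles, resources, segment names and the `Request` fields are all constructed for this example.

```python
from dataclasses import dataclass, field

# Constructed example data: each role maps to the minimum resources needed
# for the job; anything else is denied unless granted case-by-case.
ROLE_RESOURCES = {
    "hvac-technician": {"hvac-controller"},
    "finance-analyst": {"erp", "file-share"},
}

# Constructed segments: IoT devices are grouped in their own segment so an
# infected device cannot become an east-west path into corporate apps.
RESOURCE_SEGMENT = {
    "hvac-controller": "iot-hvac",
    "erp": "corp-apps",
    "file-share": "corp-apps",
}
IOT_SEGMENTS = {"iot-hvac"}


@dataclass
class Request:
    user: str
    role: str
    password_ok: bool          # something the user knows
    otp_ok: bool               # something the user has (token-generated code)
    device_profiled: bool      # NAC identified and profiled the device
    device_vuln_clean: bool    # NAC vulnerability scan passed
    device_segment: str        # segment NAC placed the device in
    resource: str
    exceptions: set = field(default_factory=set)  # case-by-case grants


def decide(req: Request) -> tuple[bool, str]:
    """Default deny: identity (MFA) -> device posture (NAC) -> segment -> RBAC."""
    if not (req.password_ok and req.otp_ok):
        return False, "authentication: both MFA factors are required"
    if not req.device_profiled:
        return False, "nac: device not identified or profiled"
    if not req.device_vuln_clean:
        return False, "nac: device failed vulnerability scan"
    segment = RESOURCE_SEGMENT.get(req.resource)
    if segment is None:
        return False, "policy: unknown resource"
    # A device sitting in an IoT segment may only talk within its own segment.
    if req.device_segment in IOT_SEGMENTS and segment != req.device_segment:
        return False, "segmentation: IoT segment may not cross into " + segment
    allowed = ROLE_RESOURCES.get(req.role, set()) | req.exceptions
    if req.resource not in allowed:
        return False, f"rbac: role {req.role!r} is not entitled to {req.resource!r}"
    return True, f"allow: {req.user} -> {req.resource} ({segment})"
```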
3. What happens to managed devices when they leave the network
Because people use BYOD devices both for personal and business needs, the third key to an effective ZTA