Intelligent CIO North America Issue 12 | Page 42

FEATURE : ZERO TRUST
may need access to data and applications located either on-premises or in the cloud.
For an effective ZTA strategy, it's critical to determine who every user is and what role they play within an organization. The Zero Trust model focuses on a 'least access policy' that only grants a user access to the resources that are necessary for their role or job. After a user is identified, access to any other resources is only provided on a case-by-case basis.

TODAY'S NETWORKS NOW HAVE MANY 'EDGES', SO IT'S MUCH HARDER THAN IT USED TO BE TO CREATE A SINGLE DEFENSIBLE BOUNDARY.

This strategy starts with CISOs mandating breach-resistant identification and authentication. User identities can be compromised either through the brute-force breaking of weak passwords or through social engineering tactics such as email phishing. To improve security, many enterprises are adding Multi-Factor Authentication (MFA) to their login processes. MFA combines something the user knows, such as a username and password, with something the user has, such as a token device that generates a single-use code or a software-based token generator.
Once the identity of a user is authenticated through user log-in, multi-factor input, or certificates, it's then tied to a Role-Based Access Control (RBAC) system that matches an authenticated user to specific access rights and services.
CISOs need to make sure that security processes avoid being so complicated or onerous that they hamper productivity or user experience. ZTA solutions that are fast and support Single Sign-On (SSO) can help improve compliance and adoption.
2. What is on the network
Because of the massive increase in applications and devices, the network perimeter is expanding and potentially billions of edges must now be managed and protected. For an effective ZTA strategy, CISOs need to manage the explosion of devices resulting from the Internet of Things (IoT) and Bring Your Own Device (BYOD) strategies. These devices might be anything from end-user phones and laptops to servers, printers and IoT devices such as HVAC controllers or security badge readers.
To understand what devices are on the network at any given point in time, CISOs also need to implement Network Access Control (NAC) tools that can automatically identify and profile every device as it requests network access, in addition to scanning it for vulnerabilities. To minimize the risk of device compromise, NAC processes need to complete in seconds and operate consistently across both wired and wireless networks. Any NAC solution should also be easy to deploy from a central location, so it won't require sensors at every device location.
Although it's important to enforce access control for all devices, IoT devices are particularly challenging because they are typically low-power, small form factor devices without the memory or CPU to support security processes. They also often aren't compatible with endpoint security tools. Because access control can't be performed on the devices themselves, the network itself needs to provide the security.
As they consider ZTA solutions, CISOs need to make IoT control a priority. Access control through the network involves micro-segmenting the network with Next-Generation Firewalls (NGFWs) and grouping