Beyond the smoke and mirrors of zero trust security [Q&A]
Enterprises are faced with a barrage of new threats and entry points and as a result need to deploy, scale, enforce and maintain zero trust security policies to keep pace.
Access control needs to be at the core of any successful zero trust model but this too presents challenges. We spoke to Denny LeCompte, CEO of Portnox, to discover how organizations can overcome zero trust barriers.
BN: How will remote and hybrid workforces change network access security considerations?
DL: Historically, companies have enabled this by implementing secure remote access solutions, such as Virtual Private Networks (VPNs) and secure Remote Desktop Protocols (RDPs), ensuring the confidentiality and integrity of data in transit. Today, VPNs and RDPs are being swapped for Zero Trust Network Access (ZTNA) solutions, which promise more flexibility and scalability because they can be deployed as software out to the network edge (wherever that may be) with relative ease.
In a remote or hybrid work environment, IT security teams now must segment their networks to limit the potential impact of security incidents. This involves isolating sensitive data and systems, such as financial systems and databases, from less secure parts of the network, such as guest WiFi networks. Network access control (NAC) solutions have provided this functionality for years, but legacy on-premises NAC tools lack the flexibility to do this at scale across a highly distributed perimeter-less network. This is why we're seeing a surge of investment into cloud-native access control solutions that eliminate the need for any physical on-site hardware to be installed -- whether in the office or in the employee's home.
Identity and access management (IAM) solutions have seen rapid and widespread adoption over the last five years as remote and hybrid work policies have taken off. When used in conjunction with data encryption and data loss prevention (DLP), IAM solutions are doing wonders to restrict unauthorized access and stop data breaches in their tracks.
Securing network access for remote and hybrid workers doesn't stop with their authentication onto the network, however. Today, organizations must also monitor network activity and detect potential threats post-authentication in real-time. This is being successfully done with the help of security information and event management (SIEM) solutions that conduct regular security audits and ensure all network access and activity is properly monitored and analyzed.
BN: What is universal zero trust and why are companies failing to implement it?
DL: 'Universal' zero trust is a security framework that assumes every access request to the network, IT infrastructure, and applications is inherently threatening, and requires authentication and authorization, regardless of the device or location of the user.
The term 'universal' implies that zero trust extends not just to the network, but to all critical IT assets (e.g., infrastructure and applications), and that these assets are subject to the same 'never trust, always verify' principle when it comes to access control.
Despite best efforts, companies are struggling to implement universal zero trust for several reasons:
- Lack of understanding: Many organizations are unfamiliar with the zero trust security framework and do not understand its benefits, making it difficult for them to justify the investment and resources required to implement it.
- Technical complexity: Implementing universal zero trust requires a significant amount of technical expertise and infrastructure, which many organizations lack. This can make it challenging for companies to implement zero trust security in a way that is effective and efficient.
- Resistance to change: Many organizations are resistant to change and may not be willing to make the necessary changes to their existing security infrastructure to implement zero trust security.
- Cost: Implementing zero trust security can be expensive, as it requires the purchase and deployment of new technologies, such as multi-factor authentication and network segmentation solutions.
- Integration challenges: Integrating zero trust security into existing security infrastructure and processes can be challenging, as it requires the coordination of multiple teams and systems.
BN: Where do decentralized networks, the connected device surge and the proliferation of connected enterprise applications fit into the future of corporate network security?
DL: While decentralized networks present new challenges to IT security professionals, the architecture of the networks themselves actually helps organizations better secure their data by distributing it across multiple nodes, making it difficult for attackers to compromise the entire network and hold data for ransom.
The increasing number of connected devices in enterprise networks has led to an increased attack surface and the potential for security breaches. To mitigate these risks, organizations must implement robust device management solutions and implement security policies to ensure that all devices are secure.
Lastly, the proliferation of connected enterprise applications has created a complex network environment that is difficult to secure. Organizations must implement a comprehensive security strategy that includes secure access controls, data protection, and threat detection to ensure the security of the data in transit across these applications.
BN: What are the best ways to achieve complete device visibility across a corporate network for managed devices, BYOD and IoT?
DL: Achieving complete device visibility across a corporate network for managed devices, BYOD (Bring Your Own Device), and IoT (Internet of Things) devices is no small task. Doing so requires implementing the functionality below across your corporate IT environment:
- Network segmentation: Network segmentation can be used to isolate different device types and reduce the attack surface. This tactic helps organizations better understand the device types present on their network and provides greater visibility into the devices that are accessing their network.
- Endpoint protection: Endpoint protection solutions can be used to protect devices from malware and other security threats. These solutions can also be used to monitor device activity and provide organizations with complete visibility into the devices that are accessing their network.
- Mobile device management: Mobile device management (MDM) solutions can be used to manage and secure BYOD devices, and today are being used to enforce security policies, such as password complexity and screen lock requirements, as well as to monitor device activity.
- IoT device management: IoT device management solutions can be used to manage and secure IoT devices, and new passive methods of IoT fingerprinting are helping companies establish more accurate profiles of IoT devices that enable stricter policy enforcement.
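As an added illustration of the passive IoT fingerprinting and segmentation described in this answer (example code, not Portnox's or the interviewee's), the snippet below matches a device's DHCP request against a fingerprint table and places it in a network segment by profile, quarantining anything it cannot identify. The fingerprint table, policy map, MDM-enrolled MAC list and sample observations are all constructed for the example.

```python
# Added example: passive DHCP fingerprinting feeding a segmentation decision.
# The fingerprint table and sample records are constructed, not real vendor data.
from dataclasses import dataclass, field

# Constructed table: (DHCP option 55 parameter request list, option 60 vendor
# class) -> device profile. Production NAC tools use a large maintained database.
PROFILES = {
    ("1,3,6,15,119,252", "MSFT 5.0"): "windows-workstation",
    ("1,121,3,6,15,119,252", ""): "macos-laptop",
    ("1,3,6,15,28,51,58,59", "udhcp 1.24.1"): "iot-embedded-linux",
    ("1,3,28,6", ""): "ip-camera",
}

# Constructed policy: profile -> (VLAN, allowed destination group).
# Unknown devices go to quarantine: never trust, always verify.
POLICY = {
    "windows-workstation": ("corp", "corp-apps"),
    "macos-laptop": ("corp", "corp-apps"),
    "iot-embedded-linux": ("iot", "iot-broker-only"),
    "ip-camera": ("iot", "nvr-only"),
    "unknown": ("quarantine", "none"),
}

@dataclass
class DhcpObservation:
    """One passively captured DHCP Discover/Request (constructed sample type)."""
    mac: str
    param_request_list: list = field(default_factory=list)
    vendor_class: str = ""

def fingerprint(obs):
    """Return the profile whose DHCP signature matches, or 'unknown'."""
    key = (",".join(str(o) for o in obs.param_request_list), obs.vendor_class)
    return PROFILES.get(key, "unknown")

def assign_segment(obs, managed_macs):
    """Managed (MDM-enrolled) devices go straight to the corp segment; everything
    else is fingerprinted and placed by profile. Returns (vlan, dest, profile).
    MAC membership alone is a weak identity signal; a real deployment would
    confirm enrolment with the MDM or a device certificate."""
    if obs.mac.lower() in managed_macs:
        return ("corp", "corp-apps", "managed")
    profile = fingerprint(obs)
    vlan, dest = POLICY[profile]
    return (vlan, dest, profile)

if __name__ == "__main__":
    cam = DhcpObservation("aa:bb:cc:00:00:01", [1, 3, 28, 6])
    print(assign_segment(cam, set()))          # ('iot', 'nvr-only', 'ip-camera')
    odd = DhcpObservation("aa:bb:cc:00:00:02", [1, 2, 3])
    print(assign_segment(odd, set()))          # ('quarantine', 'none', 'unknown')
```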
BN: What are some specific ways that companies can ensure a full view of their cybersecurity posture, close gaps, and add protection to eliminate shadow IT security concerns?
DL: There are a series of measures that companies can take today to ensure a full view of their cybersecurity posture, close cybersecurity gaps, and add cybersecurity protection to eliminate shadow IT security concerns. These include:
- Conduct a comprehensive risk assessment: IT security teams should conduct a comprehensive risk assessment to identify and understand the potential cybersecurity risks they face. This will help them understand their current cybersecurity posture and identify any areas where they need to improve.
- Enforce access controls: Organizations can enforce access controls to limit the potential for unauthorized access to sensitive information and systems. This can be achieved through the use of different tools, such as IAM, NAC and ZTNA.
- Implement security training and awareness programs: Cybersecurity departments can implement security training and awareness programs to educate employees about the importance of cybersecurity and how to identify and respond to security threats.
- Monitor for shadow IT: Companies can monitor for shadow IT to identify and understand the use of unauthorized or unapproved technology within the organization. This can help them eliminate security risks associated with shadow IT and ensure that all technology is properly secured. This is particularly difficult for IoT, but with new innovations in IoT profiling, companies can now accurately identify and take action on shadow IoT.
- Utilize cloud security solutions: Companies can utilize cloud security solutions to secure cloud-based applications and services. These solutions can provide additional layers of security, such as data encryption, to protect sensitive information.