Why Is Zero Trust Cybersecurity So Essential Today

Not all segmentation is equal

Lateral movement is a step in the attack chain that occurs when a threat makes it past an organization's defenses and onto the network, where it moves across connected apps and expands the reach of the breach. This is an inherent weakness of perimeter-based architectures, which connect users to the network as a whole, giving them wide access to the resources therein.

The solutions to this problem are often assumed to be network segmentation and microsegmentation, whereby the network and its contents are split into smaller segments that are separated by (fire)walls. But this strategy is complex and expensive to set up and maintain, and tries to lessen a symptom of yesterday's architectures without solving the underlying problems: the architectures themselves.

The actual solution is zero trust segmentation. Zero trust architecture connects users directly to authorized apps in a one-to-one fashion-nobody receives access to the network as a whole. As a result, the potential for lateral threat movement is eliminated, along with complexity and cost.

Secure any entity accessing any resource

Plenty of people hear "zero trust" and assume it's the same as zero trust network access (ZTNA). But ZTNA is a specific solution, not an architecture. What ZTNA does, despite its inaccurate naming convention, is provide users with zero trust access directly to private apps hosted in data centers and private clouds-it does not give access to the network.

ZTNA is certainly a key part of any platform providing zero trust architecture, but it is not the whole story. Users access more than private applications alone. They also access the web, SaaS apps, and other IT resources across a variety of environments.

Beyond that, it's not just users that need secure access. There are also workloads, IoT and OT devices, and B2B partners that regularly connect to IT resources. As such, having a complete zero trust architecture means securing any of these entities as they access any IT resource. This is why one will often hear the analogy of an intelligent switchboard that provides secure any-to-any connectivity in a one-to-one fashion.

Context, context, context

From the moment we are handed our first devices, we are conditioned to see identity authentication as the standard for cybersecurity. That typically carries through to conversations about identity and access management (IAM), where verifying user identity is seen as the ideal means of determining whether someone should be granted access to a resource. But identity alone is not enough-even if it involves consideration of user group.

There are two reasons for this. First, users' identities can be stolen, as evinced by countless breaches involving the theft of VPN credentials. Second, users who are who they say they are can still engage in malicious or careless behavior that exposes organizations to cyberattacks and data loss.

Instead of sticking to this risky status quo, zero trust uses context to assess risk and govern access. That does include identity (which is a core part of zero trust architecture), but it goes far beyond it to consider other variables like device posture, destination and content risk, user behavior, and more. As an added point, this contextual analysis typically requires a heavy dose of AI/ML.

Cyberthreat and data protection

Zero trust architecture stops cyberattacks in four key ways (some of which we've already mentioned):

1. Zero trust eliminates firewalls, VPNs, and their public IP addresses, which are attractive targets for cyberattackers. Instead, apps are hidden behind a zero trust cloud, eliminating the attack surface. In other words, inbound connections are replaced with inside-out connections.
   
2. Zero trust prevents compromise through context-aware policies and, unlike hardware and virtual appliances, a high-performance cloud with the scalability necessary to inspect encrypted traffic (where most threats hide (but more on that below (aren't parentheses fun?))).
   
3. Zero trust gives direct-to-app connectivity rather than network access, preventing the potential for lateral movement across resources.
   
4. Zero trust stops data loss by, once again, inspecting encrypted traffic (where most data loss occurs), and protecting all modern data leakage paths, including SaaS app sharing, removable storage on endpoints, and a lot more.

In addition to the above, a fully featured zero trust platform should provide cyberthreat protection functionality like cloud sandboxing, DNS security, browser isolation, and more. Similarly, it should provide data protection capabilities like SSPM, out-of-band CASB, EDM, and more.

Special delivery!

To dive a bit deeper on something alluded to above, zero trust is a cloud native architecture. That is, it cannot be achieved merely by deploying another appliance in a data center or private cloud. Rather, it is delivered as a service from a global, multitenant cloud that was built for the purpose of providing zero trust architecture at the edge, meaning as close to end users as possible.

Because this omnipresent cloud provides secure any-to-any connectivity along with all the security functions anyone could ask for, it's a perfect fit for modern organizations with widely distributed cloud resources, remote workers, and data. These organizations no longer have to backhaul traffic to their data centers or maintain the same complex, inbound and outbound stacks of security and networking appliances (whether hardware or virtual).

Additionally, unlike appliances, cloud scale means that zero trust has the performance necessary to inspect encrypted traffic. With 95% of web traffic now encrypted and 86% of cyberattacks hiding in encrypted traffic, this inspection is more important than ever.

Public link

Please use the above public link if you want to share this noodl on another website.