Why Companies Are Pursuing Zero Trust Security Strategies
Companies are increasingly implementing an approach called zero trust security.
The move is the latest in the push-and-pull that occurs between advancing technology and the cyber security threats and the hackers behind them, racing to find vulnerabilities in company systems.
What Is Zero Trust Security? In a zero trust environment, every user and device is assumed to be a threat. Unlike past security strategies in which devices and users are assumed trustworthy until proven otherwise, zero trust security takes the opposite stance. No user or device may gain access to resources without first providing the right credentials.
This approach is designed as a response to the changing nature of network architectures. In the traditional, perimeter-based network of pre-cloud infrastructures, network security teams simply needed to police the perimeter and the entry points of the network. Firewalls and monitoring solutions made it relatively simple to watch for intruders and prevent them from entering.
Today, there are multiple technology trends eroding this perimeter. First of all, the network is no longer just the hub-and-spoke wide area network (WAN), but a distributed network operated through a virtual overlay in many cases. Devices are not housed inside an office building, but walking around with employees in the form of mobile and internet of things (IoT) devices. Every sensor, smartphone, and tablet accesses the network and does so from a variety of locations, creating a network perimeter that is fluid and ever changing.
In addition, companies are increasingly leveraging cloud technology, which broadens the security plane and increases vulnerability. Complicating things further are remote and hybrid work environments, with employees utilizing home networks and devices to access company resources.
The result is that traditional approaches to cyber security are no longer relevant, causing companies to take a completely different approach. While zero trust security is more of an approach than a specific tool or set of features and will look different at each company, here are some common elements:
- Multi-Factor Authentication: Companies require a strong, credentials-based authentication process with frequent password changes and strong passwords. They also require a combination of passwords and additional, one-time-use access codes to gain permission to use company resources. Companies often equip their security team with identity access and management (IAM) solutions to navigate this important aspect of security.
- Role-Based Access: Security teams assign access to company resources based on what the role requires to complete tasks.
- Edge Security: Zero trust security is often equipped with tools like secure web gateway and next generation firewall to bring security features to the network edge. This provides security protection closer to where data is being generated and used.
No two companies have identical strategies for a zero trust security strategy because every company has unique risks and requirements. To learn more about the technology used to support this type of security plan, contact us at One Connect.