January 18, 2018
4 Major Myths of Zero Trust Architecture
With the ongoing threat of data breaches, data security continues to be top-of-mind. Traditional data security strategies tend to operate under a “trust but verify” approach, a perimeter-centric model that trusts internal users with unrestricted network access, while considering the external or “untrusted” network as the only network in need of security controls. With a Zero Trust Architecture model, trust is a vulnerability that should be mitigated in every network. Zero Trust Architecture is an alternative security model that addresses the fundamental flaw of traditional strategies: the assumption that data only needs to be protected from threats outside of an organization.
Zero Trust Architecture focuses on the business needs and functionality of an organization by implementing a network-centric data security strategy that provides specific access only to those who need it. The Zero Trust model views data security through a new lens, defining parameters that dictate access and restrictions. In a legacy network, organizations have little to no visibility or control regarding network and data usage. With a Zero Trust Architecture, all network traffic is seen by the segmentation gateway, which holds granular, strictly enforced policy governing access to data, applications, and assets. Zero Trust networks employ a positive security enforcement model where specific rules must be in place before a resource can be accessed.
There are many misconceptions surrounding the Zero Trust Architecture model, from its overall functionality to its implementation. Discover the four major myths of Zero Trust Architecture and learn how it can help organizations maximize data security.
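The contrast between the perimeter model and positive enforcement can be made concrete. The following is an added example, not code from the original article or from any gateway product; the Flow and Rule types, the function names, and the sample policy and traffic are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

# Added illustration: Flow, Rule and both decision functions are hypothetical
# names, not the API of any gateway product.

@dataclass(frozen=True)
class Flow:
    user_group: str   # who is asking
    application: str  # application identified in the traffic
    data_type: str    # classification of the data being reached
    internal: bool    # True when the source sits inside the perimeter

@dataclass(frozen=True)
class Rule:
    user_group: str
    application: str
    data_type: str

    def matches(self, flow: Flow) -> bool:
        return (self.user_group, self.application, self.data_type) == (
            flow.user_group, flow.application, flow.data_type)

def perimeter_decision(flow: Flow) -> str:
    """Legacy model: network location alone decides."""
    return "allow" if flow.internal else "deny"

def zero_trust_decision(flow: Flow, rules: list) -> str:
    """Positive enforcement: deny unless an explicit rule matches.
    flow.internal is never consulted."""
    return "allow" if any(r.matches(flow) for r in rules) else "deny"

def implicit_trust_gaps(flows: list, rules: list) -> list:
    """Flows the perimeter model lets through that no explicit rule covers."""
    return [f for f in flows
            if perimeter_decision(f) == "allow"
            and zero_trust_decision(f, rules) == "deny"]

# Constructed sample policy and traffic.
RULES = [Rule("finance", "erp", "payment-records"),
         Rule("hr", "hris", "employee-pii")]
FLOWS = [
    Flow("finance", "erp", "payment-records", internal=True),
    Flow("engineering", "erp", "payment-records", internal=True),
    Flow("hr", "erp", "payment-records", internal=True),
    Flow("contractor", "hris", "employee-pii", internal=False),
]

if __name__ == "__main__":
    for f in FLOWS:
        print(f, perimeter_decision(f), zero_trust_decision(f, RULES))
    print("implicit-trust gaps:", implicit_trust_gaps(FLOWS, RULES))
```

The two internal flows returned by implicit_trust_gaps are the access that exists only because of network location, which is the exposure the perimeter model leaves open.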
Myth #1: Zero Trust Architecture Always Requires a ‘Rip and Replace’ of the Existing Network
Despite perceptions that it must require a ‘rip and replace’ on the endpoint, a Zero Trust Architecture is implemented by augmenting an existing network: segmentation gateways and granular policies based on users, applications and data types are added incrementally over time. As a network-centric security solution, Zero Trust Architecture is eminently scalable, can be built quickly, and provides viable security solutions for organizations, without the costliness and disruptions of a ‘rip and replace’.
Myth #2: Zero Trust Architecture Is Expensive and Disruptive
Since Zero Trust Architecture is an augmentation of current security controls and not a ‘rip and replace’, typically there are few, if any, disruptions when it comes to implementation. This means that with a Zero Trust Architecture in place, organizations will have a simplified security model that provides greater operational efficiencies and is also more cost effective—all while enforcing a smarter, more powerful data security strategy.
Myth #3: Zero Trust Architecture Is Done All on the Endpoint
When it comes to protecting data, the goal is always to make the network a powerful data security enforcement point. Implementing a Zero Trust Architecture on the endpoint lessens its effectiveness. To get the most from a Zero Trust Architecture, it is important to start at the network to define policy before moving to the endpoint.
Myth #4: Zero Trust Architecture Cannot Be Deployed to the Public Cloud
Most organizations view Zero Trust as something that must be done on-premises, but Zero Trust Network Architecture is quickly moving to the public cloud. Think of a public cloud as a virtualized data center owned by someone else. When you move workloads and data to a public cloud, there has traditionally been a very limited set of native security controls that can be implemented. By taking a Zero Trust approach, companies can now mimic what they are doing in the software-defined data center and extend that to the public cloud. This is done by transparently inserting a Virtual Segmentation Gateway into the virtualization stack of the public cloud service and then applying layer two through seven Zero Trust rules to segment the traffic based upon users, applications, or data types.
Zero Trust Architecture: The Key to Every Organization’s Cybersecurity Strategy
The benefits of Zero Trust Architecture go beyond these common misconceptions, and the business impact for organizations is vast. Zero Trust strategically resonates with the highest levels of an organization, yet is tactically implementable using commercial off-the-shelf technology. As technology continues to evolve, it’s no wonder that the notion of trust is being examined when it comes to accessing data. A Zero Trust Architecture identifies vulnerabilities and pinpoints gaps in current security models at the root level, looking at all aspects of an infrastructure and strengthening from the ground up. With a Zero Trust Architecture, each organization customizes its security for its specific data and assets. It is an individualized approach that looks first at an organization’s business objectives to understand its goals and determines exactly what data needs to be safeguarded and how, in order to build a stronger security solution that aligns directly with the organization’s needs.