The threat landscape is a moving target. Attacks are growing in both frequency and sophistication. Digital transformation, migration to the cloud, and the dramatic increase in remote work models spurred by the pandemic have expanded the attack surface in fundamental ways. The traditional corporate perimeter can't keep an organization safe in a cloud-first world, where users, applications, and data are everywhere, which all exponentially increase an enterprise's exposure. These are all areas where Zero Trust can help.
In particular, we are now in an era of having to protect an elastic workforce perimeter; wherever users, devices, and applications are. How can you transform your security to create a modern security infrastructure to deal with this reality?
The short answer is: one step at a time. Incorporate the principles of Zero Trust across your security foundation to prevent intrusion, lateral movement, and data loss while following a roadmap that keeps business priorities and operational requirements aligned with your security transformation goals.
The hybrid reality
For most, the path to security modernization requires a hybrid approach that combines on-premises solutions and data center elements, such as firewalls and VPNs, with new technologies that support a path to Zero Trust. This ultimately leads to cloud-delivered Secure Access Service Edge (SASE) frameworks that shift the focal point of security to the identity and context of the user and/or device rather than the data center.
Because this transformation to Zero Trust brings together disparate products from multiple vendors, hybrid environments pose operational challenges. Policies are fragmented, making it difficult to ensure effective and consistent security across products. And it is difficult to bring together threat signals coming from these disparate solutions to gain actionable insights for mitigation.
A holistic approach to security
How can you consolidate what is in place today while adding new best-in-class solutions to the mix? In order to create the Zero Trust fabric enterprises require, you will likely have to combine disparate and hybrid solutions from different vendors. Let's look at some key ways to achieve this.
Eliminate fragmented policy across hybrid and multi-vendor solutions
To get the most value from solutions addressing different needs across the security stack, it is critical to define and enforce a federated set of policies across disparate security solutions. This policy orchestration provides a single policy paradigm that abstracts policy control to enable a consistent security posture across distributed workforce environments. This enables automated, policy-driven responses to threats. For example, proactively closing off application or network access to an impacted user, device, or particular region based on real-time analysis of local threat activity, triggering remediation actions, and restoring access to the affected user.
Threat detection and response: signal ingestion
Collecting and analyzing threat signals is crucial for detecting, identifying, and remediating today's threats. A common edge platform needs the ability to bring different types of signals together across the hybrid environment to provide intelligence that enables rapid response to limit the intrusion, regardless of its entry point, as well as proactive response and mitigation.
Minimize the attack surface
Enabling applications to connect to users instead of connecting users to applications eliminates the traditional inside-outside distinction. This approach makes applications and data assets invisible to attackers while enabling users to access the right applications wherever they are while enforcing principles of least privileged access. This means making access controls adaptive, taking into account identity-based permissions and contextual factors like device type, location, and real-time threat activity when granting or preventing access.
Prevent lateral movement: Micro-segmentation
Even the most sophisticated security controls can minimize the risk of malware intrusion or a breach but never fully eliminate it. Employing granular "east-west" network segmentation helps ensure that any malware that sneaks through cannot proliferate laterally across the enterprise.
Secure an elastic workforce perimeter
Deploying this holistic platform within a distributed edge network is crucial. By doing so, you place security intelligence closer to the user through the power of a highly distributed architecture wherever users are. This ensures the highest performance and scale, with low latency or user experience issues. It also facilitates the efficient collection and analysis of threat signals when they emerge.
Open framework
Given the disparate nature of the hybrid network security infrastructure, having an open security platform is essential. It provides the flexibility to support multi-cloud, multi-application networks, with the freedom to leverage third-party integrations to meet the security needs of today and tomorrow.
Combining these factors provides a holistic view of the network, its users, devices, and activity, all linked to network and security policies with the ability to adjust in real-time automatically. The result is greater control over your new security technology investments and your existing investments, increasing the value of legacy infrastructure.
One step at a time
It's important to note that achieving true network security transformation of consolidation and convergence is a journey, not a single leap. You can start by modernizing key elements of your infrastructure. The next step is optimizing your security operations to enhance your ability to identify, respond to and remediate evolving threats.
As you embark on your Zero Trust journey, it's important to stay focused on the destination: an open, distributed, and holistic infrastructure that orchestrates policies across your hybrid network environment, with the intelligence and adaptability to assess and respond to threats proactively. The good news: this vision is achievable today!
Romen Kuloor is VP, Enterprise Security Products at Akamai Technologies.
Related articles: