Does Zero Trust Security Have to be Hard to be Effective?

The short answer is no.

As expected, the long answer is a little more nuanced. But first, a quick refresher on Zero Trust security for those who haven’t jumped on the bandwagon yet. (For those who have, feel free to skip the next section.)

Zero Trust Security Recap

We know that the defensible network perimeter no longer exists. Utilizing a security and access approach that made sense 20 years ago in today’s environment is at best misaligned and at worst perilous. And this isn’t just theory. This is evident in the number and scale of data breaches we’ve seen in the last five years, the majority of which happened as a result of trust being abused inside of the perimeter.

That’s why so many security teams recognize that it’s time for a change. We can’t expect to get where we want to go — reduce data breaches — by continuing to do the same thing that got us here in the first place. Time to level up.

That’s where Zero Trust security comes in. Yes, there are many flavors and debates around Zero Trust security, but for the purpose of this post I will try to keep it simple. (Don’t get me started on how we need to reduce complexity to reduce risk…) So, Zero Trust security in this context is all about no inherent trust in the network, where security and access decisions are dynamically enforced based on identity, device, and user context.

Zero Trust Security At Akamai

We have talked at length about how evolving beyond perimeter security is a key initiative for the Akamai IT and security organization. Much like Google with BeyondCorp (FWIW an architecture we very much believe in), we have tried to share our experiences with the larger industry. Our CISO, Andy Ellis, has talked about it extensively — just Google “Andy Ellis Perimeter of One” to learn more.

In our journey, we have also tried to focus on the key goals and outcomes of adopting Zero Trust security, and not just the technical debates around how to get there with identity-aware proxies, network segmentation gateways, secure web gateways, etc. As part of that discussion, we landed on the following key goals to strive for:

  • Stop malware propagation and lateral movement. We all know that in traditional perimeter-based networks, malware typically penetrates deeply due to a lack of segmentation and poor network visibility. At Akamai, we are focused on the combination of more granular access controls for specific applications combined with proactive threat prevention to make it much harder for malware to propagate or for an attacker to gain access to other corporate workloads.
  • Reduce complexity and streamline operations. At Akamai, we believe the Edge is where security controls should live. There are plenty of benefits beyond being close to users, apps, and threats. Edge-based security also enables teams to replace costly-to-manage and -maintain virtual or hardware appliances with a simple security service.
  • Reduce capex and opex for security. Who is tired of being asked to do more with less? Improving security is invariably associated with increased cost. With Zero Trust security, this isn’t always the case; to the contrary, improved security combined with cloud-based simplicity enables you to potentially consolidate security controls, reduce management costs, and — with a new security architecture — leverage the Internet as your corporate network. 
  • Increase visibility and reduce time-to-breach detection. We have all seen the stats and quotes associated with breaches — the months malicious actors remained undetected on the corporate network or that, once past the perimeter, malicious actors were able to move around completely unfettered. It goes without saying that this is a problem. At Akamai, we are focused on the combination of more granular application access logging combined with DNS-based security controls to ultimately provide more visibility and accelerate breach detection.
  • Stop exfiltration of internal data. Allowing data to get into the hands of malicious actors can have serious consequences, whether it’s fines for not taking sufficient care of personal data or loss of revenue caused by the theft of intellectual property or strategic plans. Once again, at Akamai we are focused on how to stop exfiltration of internal data with least-privilege-based and default-deny-based adaptive access controls and DNS-based visibility and security.
  • Enable digital business transformation. Every marketer’s favorite four words. That being said, for most of our customers — and even internally at Akamai — transforming the business digitally to go faster and be more agile remains a core business goal. So, what can the IT and security team do to become a partner in digital transformation versus a roadblock? By shifting away from perimeter-based security, the paranoia associated with potentially providing access to the entire corporate network via supporting new corporate cloud services or allowing partners or suppliers access has disappeared. At Akamai, fear of exposure no longer rules the land as access is only granted to a limited number of applications based on identity, device, and security context — without ever granting access to the corporate network. In addition, digital business transformation at Akamai includes enabling a modern “work anywhere” corporate culture. Specific app access from anywhere is clearly key. But it’s also important to protect users everywhere, blocking access to malicious domains, URLs, and content whether the user is in the office or their local coffee shop.

Zero Trust Security At Our Customers

As our list of Zero Trust security customers grows, we have come to a simple, albeit somewhat obvious, realization. Nothing beats 20/20 hindsight… Most of our customers on a Zero Trust security journey start from different places. For some, it’s all about using the Internet as the corporate network; for others, it’s about moving beyond centralized security controls; and for others still, it’s about dealing with an ever-expanding and more complex ecosystem of suppliers, vendors, and partners. But ultimately there is a core common goal — how do I reduce risk and complexity while improving user experience?

In that context, we are happy to announce that we are launching a new Zero Trust package to make it even easier for our customers to adopt Akamai solutions that will help them on their Zero Trust security journeys. Enterprise Defender enables you to ensure secure access to the applications you control, while mitigating the risks associated with your users accessing applications you don’t control. Built on the Akamai Intelligent Edge Platform™, Enterprise Defender combines malware prevention with adaptive application access, security, and acceleration in a simple-to-consume service at the edge. Enterprise Defender enables you to move towards a Zero Trust security posture without hardware or appliances.

It can be that easy. Simply subscribe to Enterprise Defender to reduce risk and complexity while improving user experience.

Schedule a meeting with a Zero Trust security specialist today.


*** This is a Security Bloggers Network syndicated blog from The Akamai Blog authored by Lorenz Jakober. Read the original post at: http://feedproxy.google.com/~r/TheAkamaiBlog/~3/2LANkIAHu7k/does-zero-trust-security-have-to-be-hard-to-be-effective.html