Building Zero Trust With a Software Defined Perimeter

Back in 2010, John Kindervag, the then-principal analyst at Forrester, coined the term Zero Trust. The idea behind this edgy-sounding concept was that when it comes to network security, nothing can be trusted and everything — and everyone — should be verified.

Why We Need Zero Trust More Than Ever

When the concept of Zero Trust arose almost a decade ago, the state of networking and data threats were very different than they are now. There used to be a theory that everything originating outside the network was bad and everything inside was viewed as good. The popular “Trust but verify” security model gave inside users the benefit of the doubt, while implementing firewalls and AV tools to protect the perimeter from all outsiders, much like a moat protects the castle inside.

Then in 2017, Zero Trust as a security model became mainstream, when a Forrester report, Gauge Your Zero Trust Security Maturity, brought it back into the lexicon. But unlike a decade ago, this time the idea stuck, thanks to today’s ever-eroding perimeter.

As it now stands, traditional perimeter-based security measures do not account for the current notions of “inside” and “outside” the network. And with the adoption of the cloud and a mobile-centered workforce, plus all the many third-party suppliers that organizations are connected to, the perimeter-based model is clearly outdated.

Moreover, with the proliferation of insider threats and sophisticated malware, we now recognize that threats can come from anywhere and no one should be viewed as beyond suspicion. And when those insider threats are left to move unimpeded, they can cause critical damage. 

The concept of the castle and moat, or inside traffic — good, outside traffic — bad, is no longer working and is putting sensitive data in danger.

What Zero Trust Means to Us

Safe-T’s Software Defined Perimeter (SDP) is helping organizations implement and maintain a truly Zero Trust architecture.

It gets rid of the idea that you can trust everyone and everything inside your walls by creating micro-secured zones, from within which threats cannot spread. It keeps your data in the right hands by segmenting internal networks and by separating the access layer from the authentication layer. And it provides access to services on-demand only, using reverse access. This means that applications, services and networks only become visible once trust has been established. Thus, access to these resources is only granted once the user is authenticated and verified.

Even after granting access to the applications and data employees need, they can only access data that is in accordance with their specific access policy. In the case of insider threats, the ill-intentioned party can only access a small slice of data and is unable to move laterally to collect more data.

What’s more? All data transferred in or out of your organization is completely controlled and protected. This vastly lowers the potential for damage caused by malicious insiders, one of the worst threats organizations face today.

Moreover, all data usage per user is monitored and reported on, including historical reports and analysis. With the visibility granted by these reports, if and when breaches occur, they can be found and mitigated in the shortest amount of time possible. And SDP is client-less to support different types of “users” – humans, applications, APIs and IOT devices. So whether you are managing access for a bank, a water plant, or an enterprise, you can control access and prevent damaging lateral movement.

Building in control and segmentation throughout your network with SDP helps you take advantage of the cloud and mobile, while drastically reducing your risk of being breached.

Final Notes

Some may posit that Zero Trust is little more than the hot marketing buzzword of the moment. This is only the case when the term is talked about but not implemented in a meaningful way.

Adopting a true Zero Trust architecture is about establishing the understanding that no one should be granted access until they have been proven worthy, and then using the tools that facilitate and support that model.

The realities of our modern workplace mean that it’s no longer a question of whether or not you rely on the cloud or mobile devices. Every organization today needs these conveniences to survive today. But the fact that they continuously gnaw away at whatever was left of the organizational perimeter cannot be ignored.

Likewise, though the old “trust but verify” security model made everyone on board feel warm and fuzzy, insider threats have proven the errors of that model. Zero Trust, enforced by the correct tool set, is the way forward in the ever-evolving security landscape. Contact Safe-T today to learn more about the SDP solution.New Call-to-action

*** This is a Security Bloggers Network syndicated blog from Safe-T Blog authored by Eitan Bremler. Read the original post at: