Can Zero Trust Solutions Protect Hybrid, Multi-Cloud Networks?
As enterprises leverage hybrid IT, multiple clouds and other services, the Zero Trust philosophy is starting to come up short, hampered by challenges such as network orchestration across multiple clouds and a lack of support by some cloud vendors for virtual network infrastructures (VNIs). Both of which are key elements of a successful Zero Trust initiative.
“If you look at how we have architected enterprises over the last 30 to 40 years, we’ve built in the human concept of emotion of trust in the networks. And now, when you are in, you are in, and you can do what you want,” said Chase Cunningham, principal analyst at Forrester. “What we are working very heavily toward is the new infrastructure construct of zero trust, where we don’t allow those things to occur. You build the infrastructure much more granularly, focusing on the internal infrastructure to the external infrastructure.”
To address the concepts of internal and external network access, where trust has become the key component of access, vendors providing Zero Trust solutions are coming up with innovative ways to overcome the challenges presented by hybrid networks.
For most, the answer to the question of securing hybrid and multi-cloud networks comes in the form of a “platform.” It is that platform-based approach that will ultimately bring together the various components of zero trust into a unified, manageable offering. Key vendors in the Zero Trust space include Centrify, Forcepoint, Illumio and Pulse Secure, each of which is taking the hybrid and multi-cloud security challenges seriously and is partnering with other vendors to build unified solutions.
For example, Centrify is redefining the concept of privileged access management (PAM) for the modern enterprise IT threatscape by instituting a platform that institutes a zero trust framework. The company is working with the Cloud Security Alliance (CSA), an organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, to drive PAM and zero trust initiatives forward.
“Centrify’s participation in CSA underscores the company’s deep commitment to advancing cloud security, specifically creating awareness about the increasing need to protect cloud infrastructure and workloads with zero trust privilege,” said Nate Yocom, CTO of Centrify.
Forcepoint is also looking to drive the concept of a zero trust framework forward and has coined the term “human-centric cybersecurity approach.” We have seen the legacy approach to cybersecurity fail more frequently, simply because that approach to cybersecurity focuses more on protecting infrastructure and putting walls to keep people out, as opposed to focusing on what’s happening with the people on those infrastructures,” said Matthew Moynahan, CEO of Forcepoint.
Forcepoint Chief Scientist Richard Ford added, “At Forcepoint, we are taking a step back and flipping the way we look at threats by examining the intersection of humans and critical data rather than the internet at large. Forcepoint’s human-centric cybersecurity approach looks at the behavior of human and digital identities to protect against theft of critical data.”
Pulse Secure, a security vendor that leverages software-defined secure access solutions, is striving to integrate third-party solutions into its platform. The company offers bi-directional integration with IBM QRadar and Splunk SIEMs, allowing Pulse NAC to receive SIEM alerts and take network threat response actions. It also is working to implement comprehensive identity-based context-aware controls by integrating with Fortigate Next Gen firewall (NGFW) using RADIUS accounting capabilities, and is working with Palo Alto Network’s NGFW virtual instances to bring users’ authentication details and resource/IoT access enforcement policies into the mix.
“The advantages that vendors like Pulse Secure provide are unified visibility and control, broad endpoint and IoT security coverage, consistent policy enforcement and faster mean time to response to access issues. Those advantages result in an improved security posture and reduced attack surface,” said Paula Musich, research director of security and risk management at Enterprise Management Associates. “At the same time, consolidating multiple tools into a Secure Access platform reduces the cost of ownership and operational overhead.”
The efforts of vendors in the zero trust space should not go unnoticed, and the market potential of zero trust solutions is enormous. Research Insights predicts that the zero trust security market is expected to grow north of USD $39 billion and at a CAGR of more than 20% between 2019 and 2025. Simply put, Zero Trust is big and will only get bigger as vendors become more unified in their offerings.
