Overcoming the Barriers to Zero-Trust
For more than a decade, companies have been working to implement a zero-trust approach to cybersecurity, with the goal of eliminating trust from a given data network by validating every stage of digital interaction. As the rate of ransomware and other cyberattacks continues to climb around the globe, this strategy has rapidly become the approach of choice for its ability to create secure environments that protect against unauthorized data access. Unfortunately, despite its clear and immediate benefits, zero-trust is often easier said than done.
To successfully incorporate a zero-trust approach into a company’s network security program, it is imperative to first understand the barriers that impede its non-disruptive integration into existing networks and data centers. At the same time, companies can identify long-term solutions to overcome those barriers by leveraging new technologies such as smart switches, which are rapidly becoming the key to making the zero-trust transition.
Below are three key barriers facing companies interested in implementing a zero-trust approach today, as well as how solutions like smart switches can help overcome them.
1. Cost
When it comes to implementing a zero-trust architecture, cost is often one of the biggest perceived barriers. Traditionally, to implement zero-trust controls successfully, enterprises need to evaluate and deploy multiple solutions that can be extremely expensive when sold under the annual recurring revenue (ARR) model. As one example, companies may find that relying on a north-south firewall is cost-prohibitive. Such firewalls quickly run into capacity problems if configured to inspect all east-west traffic, creating the need for multiple firewalls that must be periodically upgraded to keep pace with traffic volumes. As a result, most organizations choose to inspect only a small amount of east-west traffic, if any at all.
Using a smart switch, however, companies can extend the capabilities of their top-of-rack switch pair. In doing so, they can create high-function distributed firewalls for east-west traffic that also provide zero-trust segmentation at a compelling total cost of ownership (TCO). Consider that, according to IBM’s recent cost of a data breach report, companies that had fully deployed zero-trust saved 43% on data breach costs, while organizations that had not suffered costs of $5.04 million per breach. When the stakes are this high, organizations need to be able to implement zero-trust strategies that are economically viable, which is why smart switch alternatives are so useful.
2. Complexity
A zero-trust security posture can be complex to deploy in the data center, often requiring dedicated software sensors or agents before it is fully operational. In addition, many organizations carry mountains of technical debt that make it that much more challenging to introduce new software, new agents and new strategies. In particular, a practitioner who wants to implement zero-trust micro-segmentation must have a fine-grained understanding of the communication patterns between entities in order to fully protect them. This is not an easy task.
To untangle the complexities surrounding zero-trust implementation, companies must have a holistic view of their data center, at both a macro and a micro scale. This is where smart switches come into play. Smart switches occupy a unique vantage point in the data path for application-to-application communication, allowing companies to better understand applications and build policy for them with a network-wide purview. Additionally, smart switches act as a comprehensive source of telemetry and flow data, making them complementary to existing monitoring tools. Operators can initially deploy smart switches as traditional network devices and then expand their use incrementally without fear of sudden added complexity.
3. Scale
Over the years, as nearly every vendor has discovered, one truth remains constant: legacy hardware lacks the capacity to hold zero-trust security rules. Legacy switches rely on ternary content addressable memory (TCAM), a shared resource with limited capacity for the extensive access control list (ACL) rules required to enforce a zero-trust segmentation strategy. Additionally, legacy switches enforce only stateless ACLs and have limited flow/firewall logging capabilities to support auditing, making them rigid and difficult to scale.
Smart switches, however, have stateful segmentation capabilities integrated into their platform, with purpose-built hardware designed to scale up to one million stateful rules at one time. Using smart switches, organizations no longer have to find the “sweet spot” between policy/rule scalability and full coverage when enforcing a zero-trust segmentation deployment. On the contrary, as smart switches are deployed alongside servers, coverage grows naturally as workload resources are added.
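To make the stateless-versus-stateful distinction above concrete, here is an added example (not from the original article or any switch vendor) that evaluates the same client-to-web policy two ways: as a stateless ACL, which needs a second rule opening the whole ephemeral port range for return traffic, and as a stateful filter that admits replies from a flow table. The addresses, rule-tuple layout and helper names are constructed for illustration.

```python
import ipaddress
from collections import namedtuple

Packet = namedtuple("Packet", "src dst sport dport")

# Rule layout (constructed for this example): (src_net, dst_net, dport_lo, dport_hi, action)
def _match(rule, pkt):
    src_net, dst_net, lo, hi, _ = rule
    return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(src_net)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(dst_net)
            and lo <= pkt.dport <= hi)

def stateless_decide(rules, pkt):
    """Legacy TCAM-style ACL: first matching rule wins, no memory between packets."""
    for rule in rules:
        if _match(rule, pkt):
            return rule[4]
    return "deny"

class StatefulFilter:
    """Stateful segmentation: forward rules plus a flow table that admits replies."""
    def __init__(self, rules):
        self.rules, self.flows = rules, set()

    def decide(self, pkt):
        if (pkt.dst, pkt.src, pkt.dport, pkt.sport) in self.flows:
            return "permit"  # reply to a flow that was already admitted
        for rule in self.rules:
            if _match(rule, pkt):
                if rule[4] == "permit":
                    self.flows.add((pkt.src, pkt.dst, pkt.sport, pkt.dport))
                return rule[4]
        return "deny"

# Constructed policy: clients in 10.0.1.0/24 may reach web server 10.0.2.10 on 443.
STATEFUL_RULES = [("10.0.1.0/24", "10.0.2.10", 443, 443, "permit")]
# The stateless equivalent needs a second rule opening the whole ephemeral range back.
STATELESS_RULES = STATEFUL_RULES + [("10.0.2.10", "10.0.1.0/24", 1024, 65535, "permit")]

def compare():
    request = Packet("10.0.1.5", "10.0.2.10", 51000, 443)
    reply = Packet("10.0.2.10", "10.0.1.5", 443, 51000)
    unsolicited = Packet("10.0.2.10", "10.0.1.5", 40000, 51000)  # server reaching out
    sf = StatefulFilter(STATEFUL_RULES)
    sf.decide(request)  # admit the client's request so its reply can be tracked
    return {"rule_count": (len(STATELESS_RULES), len(STATEFUL_RULES)),
            "reply": (stateless_decide(STATELESS_RULES, reply), sf.decide(reply)),
            "unsolicited": (stateless_decide(STATELESS_RULES, unsolicited), sf.decide(unsolicited))}
```

The stateless policy doubles the rule count per permitted conversation and, as the `unsolicited` case shows, its return rule also permits the server to initiate connections to client high ports, which the stateful filter denies because no matching flow exists.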
Final Thoughts on Zero-Trust
When many companies think of zero-trust, they may understandably feel wary at the prospect of refactoring their entire data center; with smart switches, however, the reality can be far less complex and intimidating than it might first appear. By acknowledging the barriers that impede zero-trust integration, and understanding how to overcome them, companies can realize the benefits of this approach and ensure they are protected from whatever may lie around the corner.