zero trust Archives - Security IT Summit | Forum Events Ltd
Posts Tagged :

zero trust

eBOOK: How to get started with Zero Trust Network Access (ZTNA)

960 640 Stuart O'Brien

By Censornet

Zero Trust is a paradigm that is becoming a guiding philosophy for the cybersecurity industry. But the technology that will turn the thinking into a reality is Zero Trust Network Access (ZTNA).

By 2023, 60% of enterprises will have phased out VPNs (virtual private networks) and replaced them with ZTNA, Gartner has predicted.

Even if an organisation has not yet considered moving to a Zero Trust model and implementing ZTNA, it should be laying the groundwork to ensure the changes happen as smoothly as possible. Censornet can help you on this journey, which we’ll start by explaining a little more about Zero Trust and ZTNA.

Goodbye VPN, hello ZTNA

Zero Trust and ZTNA turn the familiar mantra of ‘connect then authenticate’ on its head. Instead, Zero Trust demands a security approach where users must ‘authenticate, then connect’ and reminds security teams to ‘never trust, always verify’. In short, context – including identity – is everything.

ZTNA isolates systems from potential trespassers and hides applications from the internet. This makes applications more resilient to many forms of network-based attack including scans, vulnerability exploits, DoS and DDoS attacks.

Before letting anyone into a network, they should first be identified.  Risk should be assessed at that point, based on context, but also continually throughout the session. It is no longer enough for a user to simply fire up a VPN and connect. Identity, along with other contexts such as time and day must be considered, as well as other data points such as device, location, and even geo-velocity.

First steps to Zero Trust

For many organisations adopting a Zero Trust model, using ZTNA, is the first stage on the road to the next great paradigm: Secure Access Service Edge (SASE). Censornet’s guide will help you understand Zero Trust, discover how it can benefit your organisation, and assist you with taking those crucial first steps towards the future of your own cloud security.

Download your free copy now!

Zero Trust: The practical way to look at cybersecurity

960 640 Guest Post

By LogRhythm

Zero Trust is quickly becoming the security model of choice for enterprises and governments alike. The need to protect, defend and respond to threats is more apparent than ever as we continue to work from remote locations.

Where to start

Zero Trust is more than implementing a new software, it is a change in architecture and in corporate culture. The pandemic has increased interest in this working practice, with a recent survey finding 40 per cent of organisations around the world working on Zero Trust projects.

The first aspect of any project is identifying key data and where it sits in your organisation, and then documenting who needs access to it. This will allow you to begin dividing up your network keeping users and their data in appropriate areas.

The main challenges

The key principle to a Zero Trust model is rock-solid identity management. All users, devices and applications must all be correctly identified to ensure everyone is granted the right level of access.

The data identification process described above is one of the main challenges, understanding where your data is stored and who should have access to it can be tricky with legacy applications and weak identity management.

Then there is the question of culture, will employees be resistant to the change? Managing the amount of friction caused by the process is key to success.

The benefits

Some sort of security compromise is inevitable, Zero Trust mitigates the damage by restricting the intruder to one small part of your network.

It will allow simpler provisioning and deprovisioning of staff as they join or leave, with corresponding cost benefits as IT teams spend less time onboarding and offboarding staff.

It can provide a solution to the registration of trusted devices onto your network and cut spending on managing active directory.

Moving the ‘perimeter’ to the user and their device provides a way to extend the security we take for granted in the office to staff, wherever they might be working.

Learn more about a Zero Trust implementation in the latest Forrester Report.