Subscribe

White paper: Is your environment adaptive enough for zero trust?

Raising your access security to a zero-trust level requires continuous analysis and control.

Johannesburg, 14 Mar 2022

Although most organisations still use firewalls as their first line of defence and they remain a key component of their security strategy, changes in where services are located, who controls them and how they are used continue to challenge that paradigm. The trend towards cloud-based services is as strong as ever. The amount of business being conducted remotely is at an unprecedented level and workers are using their own devices to do it. At the very least, cloud-based services have put a serious dent into IT’s practices of creating layers of security protection for their sensitive or regulated data. 

For the foreseeable future, organisations with zero trust roadmaps don’t typically include plans to eliminate firewalls or any other type of perimeter-based security boundary, especially those with complicated hybrid environments. Instead, the shift in network security is to move away from the traditional approach where resources inside the firewall are delivered simplified access than those on the outside. Zero trust’s initial focus was to apply tighter controls for each network segment and resource endpoints. Or, to compare it to the physical building metaphor, putting a security guard at every door, hallway and elevator – and even at each office entry.

But despite zero trust’s network origins, it’s important to point out that today these same concepts have moved up the stack to the services and applications layer. This approach means that IT can use zero trust methodologies to control responses to access of their protected resources directly. While it does provide far more flexibility than the network approach for cloud-based services, this granular level of control will likely create scenarios where static authentication policies degrade the user’s experience. Referring back to the security guard at every door metaphor, imagine having to authenticate before entering every room in the office building. Instead, zero trust security needs a dynamic authentication model that is far more flexible and less intrusive than today’s static implementations.

Please download our white paper to learn more.

Share