They fear that, once key applications and data stores are shifted from on-premise locations to cloud platforms, the task of maintaining security will become complex and difficult to manage.
While it’s right to be mindful about the importance of having effective security measures in place, achieving this in a cloud environment is not an impossible task. What it requires is a change in mindset and strategy.
A new way of thinking
At the heart of the new mindset is the concept of zero trust. While it’s usually only connected with security, it can actually have a much wider impact on an organisation than people realise.
|
According to a survey by Cybersecurity Insiders1 , which asked more than 315 IT and cybersecurity professionals around the world about their thoughts on zero trust, 78 per cent of security teams want to adopt the strategy. However, 53 per cent of teams believe that their legacy technology, which is appliance-based and places users on the network, is enough to do the job.
Although this confusion is perhaps understandable, it is also a little concerning. IT teams need to realise that being reluctant to embrace new technologies and move away from legacy approaches, will actually slow planned business transformation.
If an organisation has a goal of allowing users to work productively from anywhere, there is little benefit in requiring them to be routed through network appliances located in just a few locations. Also, if the goal is to keep a lid on costs, there is little point in continuing to invest in expensive appliances that can’t be quickly scaled to meet demand.
There are three best practices that can allow an organisation to fully embrace and get the benefits of a zero trust strategy.
1. Choose the underlying technology carefully:
It’s a truism that every job needs the right tool, and using the cloud as a delivery mechanism is the right approach when it comes to adopting zero trust. Indeed, research company Gartner recommends organisations make use of zero trust network access (ZTNA) technologies that are delivered as a service from the cloud when securing access to private applications.
ZTNA has the benefits of delivering better availability, faster deployment, and better protection against DDoS attacks than on-premise alternatives.
2. Tackle the challenges created by cloud and mobility:
When it comes to achieving the benefits offered by cloud platforms and mobile work practices, removing any potential obstacles is vital. The biggest challenges that are likely to be faced include identity management, minimising the attack surface, and gaining greater visibility into user activity.
As the number of remote and mobile workers has grown in recent years, and BYOD policies have become more widespread, the concept of identity management has become a central component when establishing trust. Thankfully, ZTNA tools can integrate with multiple identity providers to ensure that users are authorised and policies are enforced to provide a secure connection between a user and an application.
In the past, virtual private networks (VPNs) were designed to connect users to a network. This, in turn, required the network to make itself accessible, and this accessibility could be exploited by cybercriminals. ZTNA helps reduce the attack surface by only allowing authenticated users to access specific applications, based on policies set by an organisation.
Rather than simply focusing on IP addresses and email, as is the case with VPNs, ZTNA delivers increased visibility into actual user and application activity. The IT team can view every log and transaction in real time and with granular detail to understand who is accessing which applications. ZTNA also provides the ability to monitor the health of an IT infrastructure to ensure that applications and servers remain available and operating
normally.
3. Establish the best use case for your organisation:
Once an organisation decides to adopt a zero trust strategy, the IT team should initially focus on the use case that will deliver the most immediate positive
Research has shown that the most common zero trust use cases include those that focus on things such as providing access for contractors, application access during a merger or acquisition, providing an alternative for VPNs, and supporting multi-cloud access.
Doing nothing is not an option
During times of rapid change, it can be tempting to put your head down and simply continue with business as usual. This, however, is no longer an option. Adoption of cloud platforms and the ongoing rise in mobility means IT teams need to recognise that the game has changed.
Now is the time to understand the benefits that a zero trust strategy can deliver to your organisation and how it can prepare you for future challenges and opportunities.