Thursday, 02 April 2020 23:03

How embracing Zero Trust will improve IT security

Budd Illic ANZ Country Manager, Zscaler Budd Illic ANZ Country Manager, Zscaler

GUEST OPINION by Budd Ilic, ANZ Country Manager, Zscaler: The benefits of cloud platforms are now well understood within most organisations, however some IT teams are still hesitant to adopt due to the subject of security.

They fear that, once key applications and data stores are shifted from on-premise locations to cloud platforms, the task of maintaining security will become complex and difficult to manage.

While it’s right to be mindful about the importance of having effective security measures in place, achieving this in a cloud environment is not an impossible task. What it requires is a change in mindset and strategy.

A new way of thinking

At the heart of the new mindset is the concept of zero trust. While it’s usually only connected with security, it can actually have a much wider impact on an organisation than people realise.

According to a survey by Cybersecurity Insiders1 , which asked more than 315 IT and cybersecurity professionals around the world about their thoughts on zero trust, 78 per cent of security teams want to adopt the strategy. However, 53 per cent of teams believe that their legacy technology, which is appliance-based and places users on the network, is enough to do the job.

Although this confusion is perhaps understandable, it is also a little concerning. IT teams need to realise that being reluctant to embrace new technologies and move away from legacy approaches, will actually slow planned business transformation.

If an organisation has a goal of allowing users to work productively from anywhere, there is little benefit in requiring them to be routed through network appliances located in just a few locations. Also, if the goal is to keep a lid on costs, there is little point in continuing to invest in expensive appliances that can’t be quickly scaled to meet demand.

There are three best practices that can allow an organisation to fully embrace and get the benefits of a zero trust strategy.

1. Choose the underlying technology carefully:

It’s a truism that every job needs the right tool, and using the cloud as a delivery mechanism is the right approach when it comes to adopting zero trust. Indeed, research company Gartner recommends organisations make use of zero trust network access (ZTNA) technologies that are delivered as a service from the cloud when securing access to private applications.

ZTNA has the benefits of delivering better availability, faster deployment, and better protection against DDoS attacks than on-premise alternatives.

2. Tackle the challenges created by cloud and mobility:

When it comes to achieving the benefits offered by cloud platforms and mobile work practices, removing any potential obstacles is vital. The biggest challenges that are likely to be faced include identity management, minimising the attack surface, and gaining greater visibility into user activity.

As the number of remote and mobile workers has grown in recent years, and BYOD policies have become more widespread, the concept of identity management has become a central component when establishing trust. Thankfully, ZTNA tools can integrate with multiple identity providers to ensure that users are authorised and policies are enforced to provide a secure connection between a user and an application.

In the past, virtual private networks (VPNs) were designed to connect users to a network. This, in turn, required the network to make itself accessible, and this accessibility could be exploited by cybercriminals. ZTNA helps reduce the attack surface by only allowing authenticated users to access specific applications, based on policies set by an organisation.

Rather than simply focusing on IP addresses and email, as is the case with VPNs, ZTNA delivers increased visibility into actual user and application activity. The IT team can view every log and transaction in real time and with granular detail to understand who is accessing which applications. ZTNA also provides the ability to monitor the health of an IT infrastructure to ensure that applications and servers remain available and operating

3. Establish the best use case for your organisation:

Once an organisation decides to adopt a zero trust strategy, the IT team should initially focus on the use case that will deliver the most immediate positive

Research has shown that the most common zero trust use cases include those that focus on things such as providing access for contractors, application access during a merger or acquisition, providing an alternative for VPNs, and supporting multi-cloud access.

Doing nothing is not an option

During times of rapid change, it can be tempting to put your head down and simply continue with business as usual. This, however, is no longer an option. Adoption of cloud platforms and the ongoing rise in mobility means IT teams need to recognise that the game has changed.

Now is the time to understand the benefits that a zero trust strategy can deliver to your organisation and how it can prepare you for future challenges and opportunities.

Read 4636 times

WEBINAR event: IT Alerting Best Practices 27 MAY 2PM AEST

LogicMonitor, the cloud-based IT infrastructure monitoring and intelligence platform, is hosting an online event at 2PM on May 27th aimed at educating IT administrators, managers and leaders about IT and network alerts.

This free webinar will share best practices for setting network alerts, negating alert fatigue, optimising an alerting strategy and proactive monitoring.

The event will start at 2pm AEST. Topics will include:

- Setting alert routing and thresholds

- Avoiding alert and email overload

- Learning from missed alerts

- Managing downtime effectively

The webinar will run for approximately one hour. Recordings will be made available to anyone who registers but cannot make the live event.



Security requirements such as confidentiality, integrity and authentication have become mandatory in most industries.

Data encryption methods previously used only by military and intelligence services have become common practice in all data transfer networks across all platforms, in all industries where information is sensitive and vital (financial and government institutions, critical infrastructure, data centres, and service providers).

Get the full details on Layer-1 encryption solutions straight from PacketLight’s optical networks experts.

This white paper titled, “When 1% of the Light Equals 100% of the Information” is a must read for anyone within the fiber optics, cybersecurity or related industry sectors.

To access click Download here.




Recent Comments