Over the last several years, business has been cruising toward digital transformation. But the global pandemic slammed the foot on the accelerator for the majority of businesses around the world. Organizations rapidly shifted to remote work and ramped up use of cloud applications and services to enable their remote workforce. While making this transition, progressive IT leaders realized that to remain agile, competitive, and secure, they must also transform their network and security infrastructure to ensure they have the flexibility and capability to support business needs today and in the future.
A look at the classic models from years past
When applications were in the data center and users worked primarily from corporate offices or branch locations, it made sense to route all traffic through centralized data centers for security. The data center was the center of everything and all paths led there. So it was natural that we created a perimeter and protected everything within it. But the perimeter has vanished. And the traditional hub-and-spoke network and castle-and-moat security architectures were not built for a cloud and mobile world.
Organizations need a new approach to networking and security to ensure their employees can continue to work from anywhere, and their business remains agile and secure.
Trying to get extra miles out of an outdated engine
While there are different approaches to adapting in this new era, trying to extend legacy approaches is a bit like trying to get extra miles out of a motor you’ve had to rebuild more than once. It may work, but it’s a bit slow, introduces new challenges when used with modern applications, and increases risk. The first option, extending legacy network and security with firewalls and VPN, introduces performance-impacting latency, increases costs and operational overhead as the network is extended, and significantly increases the risk of lateral movement of threats as the number of users connecting via VPN increases. The second approach, moving perimeter firewalls to the cloud in the form of virtual appliances, is costly, and dramatically increases the attack surface and the potential for data loss. Simply put, retrofitting legacy technology is a non-starter.
Shifting gears to a new approach
Protecting users, data, and applications in the cloud requires a fundamental shift in networking and security to a direct-to-cloud architecture and zero trust security model. While zero trust has been around for more than a decade, it’s only recently that technology and capability have come together to truly enable zero trust and all that it is meant to be.
Zero trust moves from the old model—with a flat network, defined segments, and trusting everything within them—to a model that inherently trusts no one. Trust is built upon identity and context and is continually reevaluated. Implemented correctly, zero trust provides the ability to securely connect entities, whether they are users, apps, machines, or IoT devices to resources using policy to determine what they can access and how they can access it. It then provides fast, seamless, and secure connectivity to those resources.
Tune up your zero trust strategy with NIST principles and Zscaler implementation
When it comes to zero trust, the National Institute of Standards and Technology (NIST) provides one of the clearest explanations of what you need, key things to think about, and best practices for implementation. The key tenets of zero trust according to NIST are as follows:
- All data sources and computing services are considered resources.
- All communication is secured regardless of network location.
- Access to individual enterprise resources is granted on a per-session basis.
- Access to resources is determined by dynamic policy—including the observable state of client identity, application/service, and the requesting asset—and may include other behavioral and environmental attributes.
- The enterprise monitors and measures the integrity and security posture of all owned and associated assets.
- All resource authentication and authorization are dynamic and strictly enforced before access is allowed.
- The enterprise collects as much information as possible about the current state of assets, network infrastructure, and communications and uses it to improve its security posture.
The Zscaler Zero Trust Exchange honors these key tenets and keeps your organization accelerating on the right track by securely connecting any entity to any application or service, from any location, using the principles of zero trust. Acting as a digital switchboard, the exchange filters all connections through Zscaler, eliminating the attack surface, connecting users directly to apps rather than to the corporate network, and preventing passthrough connections that could threaten sensitive data.
Drive home your digital transformation with zero trust
While the pandemic may have slammed on the brakes for in-office work, the acceleration of remote and hybrid work requires a fine-tuned zero trust strategy. Learn more about how your organization can leverage a zero trust strategy to secure work-from-anywhere in the first installment of our zero trust webinar series: The Three Keys to Securely Accelerating Zero Trust.