Building a zero trust environment

June 2019 IT infrastructure, Integrated Solutions

New technologies and trends, including the mobile workforce, BYOD, IoT, digital transformation, and the consumerisation of IT, are shifting identity and access management to the very core of digital organisations – the IT environment is becoming increasingly distributed.

So says Adeshni Rohit, business unit manager for Cisco at Axiz, adding that as the IT environment becomes more distributed, all these technologies, while delivering significant benefits and value, are ultimately widening the attack surface and greatly increasing enterprise risk. “What is crucial is that the way we secure today’s businesses under the digital age has changed. Perimeter security, which acts as layers around our valuable assets, is ineffective. We are trying to protect our data, and need to start building that protection around our IP and other information assets.”

Moreover, she says today’s data centres are becoming fragmented, no longer constrained by the comfortable security perimeter of firewalls and VPNs we so carefully constructed over the last decade. “Protecting today’s cloud-based, mobile enterprise requires a whole new approach. Although it is impossible to control the whole security stack for every cloud application, it is possible to employ tools and new identity standards to fill the gaps left by the disappearance of the traditional perimeter as we once knew it.”

IAM (identity and access management) that was once about defining and managing the roles and access privileges of individual users across the company, and under which circumstances in which users are granted or denied access privileges, has changed, explains Rohit. “It now goes far beyond a tool used to manage user identities and access, is it used to uniquely profile users, track their needs and behaviours, and drive security and efficiency.”

Traditional security architectures were designed with two groups in mind, trusted individuals, who need to be able to access everything inside the business, and untrusted ones, who are kept at arm’s length. There was a time, she says, when the tech department threw money at the latest and greatest defensive tools that formed a barrier between the two types of users, and emphasised securing the network perimeter, usually with firewalls. And this worked for a while, the barrier kept potential threats at bay and attackers out. But it also caused problems, because should the barrier fail, or a bad actor find a chink in its armour and gain a foothold on the company network, they would effectively have carte blanche over anything and everything on the organisations systems.

According to Rohit, another problem was the increased adoption of mobile and cloud technologies, that sees more work being conducted outside the safety of the company network. “This effectively breaks down the barrier between the two types of user, and the network perimeter becomes increasingly difficult to enforce. Employees, contractors, partners and suppliers, all access company data from beyond the traditional perimeter. In today’s cloud and mobile world, more individuals access more and more resources and data from a wide range of devices. And it only takes one attacker to wreak havoc within the company network, which means that businesses can no longer assume trust across any part of the IT environment, which throws away the idea of a trusted internal network and versus an untrusted external network.”

Identity is the common denominator, she adds, and the new security perimeter. “It is the only hope of securely connecting a vast ecosystem of users, devices and locations. And this is where zero trust comes in. Zero Trust is a security framework, developed by Forrester Research analyst Jon Kindervag in 2009. With zero trust, organisations cannot automatically trust anything inside or outside their perimeters. They need to verify anything and everything that is trying to connect to its systems, before it grants any access at all.”

Zero trust security rids security teams of the notion that organisations should have a ‘trusted’ internal network and an ‘untrusted’ external network. Technologies such as IoT, mobile and cloud mean that a network perimeter-centric view of security no longer works. What is needed now, is the ability to securely enable access for all users, including staff, third-party partners, contractors, suppliers and suchlike, irrespective of where they are located, or which device and network they are using.

In this way, a zero trust model makes sense. “In today’s security landscape, it’s not about the network any more, it’s about the people who access your systems, and the access controls for those people. This is where identity comes in, and making identity the foundation of zero trust. ‘Never trust, always verify’, is the key principle here. In this way, on the right people have the right level of access, to the right resources, in the right context, at the right time. And all this access is assessed on an ongoing basis, without impacting on the user at all,” says Rohit.

However, she says choosing the right IAM solution is critical. “Beginning a zero trust journey by employing a mixture of on-premises and cloud applications that are not well integrated, means the IT department will be burdened with the task of managing disparate identities across a number of systems. The user is encumbered with having to remember multiple, and therefore most likely weak passwords, and a lack of visibility and ownership over these fragmented identities leaves IT and security teams with massive gaps for threat actors to slither through.

This is why Axiz builds ecosystems to help its partners with their identity and access management needs, explains Rohit. “We help our customers to choose solutions that can scale to meet the needs of any business, from the smaller SMEs to today’s largest corporates, using thousands of integrations, cloud and on-premise, to securely connect everything, giving organisations the ability to easily manage single sign-on, provision users, and synchronise data across apps and systems.”

For more information, contact Axiz, +27 11 237 7000, emma.shirene@axiz.com, www.axiz.com


Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

A customised solution for backup power
August 2019, Specialised Battery Systems , News, Integrated Solutions
Specialised Battery Systems designed and implemented a bespoke solution for Stallion Security Electronics to deploy at almost any site.

Read more...
Double dose of storage security
August 2019 , Products, IT infrastructure
The integration of InfiniBox and SafeNet KeySecure platforms brings data-at-rest encryption together with centralised logging, auditing capability.

Read more...
Augmented security with drones
August 2019, Drone Guards , Editor's Choice, Integrated Solutions
Drone Guards is moving into an untapped market of using drones to secure residential estates and other high-value assets such as mines, farms and commercial properties.

Read more...
10 things to consider when shopping for a VMS
August 2019, Genetec , CCTV, Surveillance & Remote Monitoring, Integrated Solutions
Today’s video management systems (VMS) provide a wide range of tools and capabilities that help make security personnel more efficient by allowing them to focus on what really matters.

Read more...
How far are we really at with artificial intelligence?
August 2019, Axis Communications SA , Editor's Choice, CCTV, Surveillance & Remote Monitoring, IT infrastructure, Residential Estate (Industry)
Justin Ludik unpacks exactly how far AI has come and what it potentially can do for society and more importantly, surveillance.

Read more...
From fog to foxes
August 2019, Axis Communications SA , Perimeter Security, Alarms & Intruder Detection, CCTV, Surveillance & Remote Monitoring, Integrated Solutions
What makes radar devices so valuable is the fact that they can provide a high range of accurate data while barely relying on external factors, such as weather or light.

Read more...
The hidden claws of proof of concept
August 2019 , Editor's Choice, Integrated Solutions
Proof of concept is a proven methodology for testing new technologies, but it isn’t perfect, and it can be more of a hindrance than a help.

Read more...
Collaboration and tech key to safer, connected communities
August 2019 , Residential Estate (Industry), IT infrastructure
The advent of fibre-to-the-home has not only changed the way we work and play but has also heralded the launch of a number of advances for the security industry.

Read more...
Local manufacturing – challenges and opportunities
August 2019, Centurion Systems, Technoswitch, ZYTEQ Fire , Integrated Solutions
Local companies manufacture a diverse range of products for the security industry, and although they face challenges, there are opportunities out there too.

Read more...
Cyber tools and solutions
August 2019, Technews Publishing , Editor's Choice, Cyber Security, IT infrastructure, Residential Estate (Industry)
Hi-Tech Security Solutions looks at the various options we have when it comes to protecting yourself from the ever-growing scourge of cybercrime?

Read more...