Story image

Organisations need to adopt a zero-trust approach

19 Jan 2016

Organisations need to change their attitudes when it comes to network security, and must acquire a zero trust approach to prevent disruption inside corporate networks.

That’s according to UXC Saltbush, who says new innovations are creating more opportunities for cyber criminals to get inside an organisation’s network.

“Managing information security for corporate networks has always been difficult,” says Clem Colman, principal consultant at UXC Saltbush.

“However, the ability to meaningfully inspect traffic coming in and out of the network isn’t keeping up with the threats. Innovations including web, digital, and cloud have accelerated the problem, giving cyber criminals new opportunities to attack,” he says.

“The other problem is that users no longer want to live inside the corporate network (the fortress, if you will); they want to access enterprise information and systems from wherever they are using whatever device they have on hand,” Colman explains.

“Also, the assets organisations are charged with protecting are also rapidly decamping beyond the castle gates into the cloud,” he says. “The battleground has moved and the challenge now is making sure organisations have the right capabilities in the right places for the next round.”

This challenge to deliver services securely anywhere and anytime means organisations need to decouple network security from network topology,” says Colman.

“In other words, the ability to protect assets, information, and users can no longer be contingent on them living inside the fortress; the protection needs to go with them to wherever they want to be or where market forces increasingly dictate they need to be.”

According to Colman, the first part of addressing this change is to avoid thinking of networks as being divided into trusted, untrusted, and semi-trusted.

“While such terminology isn’t entirely without value, those labels can lead to dangerous assumptions,” he says.

“For example, when a system in the trusted part of the network is compromised it can potentially leverage this trust to attack its neighbours. What’s more, it can usually do so without fear of being detected by the corporate defences, because they’re mostly focused on the boundary between trusted and untrusted parts of the network,” Colman explains.

“A conceptual model to help organisations understand how to address this challenge is the Zero Trust Network,” he says.

The premise of Zero Trust is that trust shouldn’t be assumed between network actors regardless of location. It follows that protection should be applied to the smallest indivisible network actors such as laptops, smartphones, servers, desktops, and storage.

“Zero Trust gives organisations a model for addressing the existing security challenges within the fortress: you can’t trust your neighbours just because they live in the trusted zone of the network,” Colman explains.  

“Zero Trust also gives us a model for dealing with users and systems that live outside the fortress because its fundamental principle has universal applicability: every network participant needs to protect itself,” he says.

According to Colman, pressure from cloud, mobile workforces, and the changing nature of corporate networks is going to disrupt much of the existing, fortress-based approach to information security.

But the reality is, those defences have been crumbling for years, he says.

“Many IT security experts are responding by either trying to extend the fortress, or build more fortresses, and that strategy will remain valid in certain situations,” Colman explains.

“But Zero Trust offers organisations a model for consideration that treats the shortcomings of current security models and, equally importantly, positions them to support the likely future state of corporate networks.”

Cryptomining apps discovered on Microsoft’s app store
It is believed that the eight apps were likely developed by the same person or group.
A multi-cloud approach - what is in it for me?
OVH CEO Michel Paulin explains the benefits of a multi-cloud approach to an organisations digitalisation and what to consider before implementation.
IDC: Top 10 trends for Australia’s digital transformation
The CDO title is declining, 35% of us will be working with bots, the Net Promoter Score will be key to success, and more.
Why the IT service integration market is becoming highly automated
"The SIAM market is not large, but it is one of the fundamental pillars of every digital transformation strategy."
Intel and Rakuten partner to address 5G network gap
“We believe this full end-to-end virtualised network will help us to shift away from reliance on dedicated hardware and legacy infrastructure.”
Exclusive: How Australian businesses can foster customer loyalty with CX
From boardrooms to meeting rooms, there’s an overwhelming recognition of the importance of CX, particularly when it comes to building customer loyalty.
Spoofs, forgeries, and impersonations plague inboxes
It pays to double check any email that lands in your inbox, because phishing attacks are so advanced that they can now literally originate from a genuine sender’s account – but those emails are far from genuine.
HCL and IBM collaborate to encourage global hybrid cloud uptake
HCL announced a collaboration with IBM designed to help advance the hybrid cloud journeys of organisations worldwide.