Zero Trust is a network security model based on a strict identity verification process. The framework dictates that only authenticated and authorized users and devices can access applications and data. At the same time, it protects those applications and users from advanced threats on the Internet.
This model was first introduced by an analyst at Forrester Research. Although it is not an entirely new theory, it has become more and more important for modern-day digital transformation and its impact on business network security architecture.
With the modern workforce increasingly on the go and accessing applications from multiple devices outside of the business perimeter, enterprises have adopted a “verify, then trust” model, which means that if someone has the correct user credentials, they are admitted to whichever site, app, or device they are requesting. This has resulted in an increasing risk of exposure, dissolving what was once the trusted enterprise zone of control and leaving many organizations exposed to data breaches, malware and ransomware attacks. Protection is now needed where applications and data, and users and devices, are located.
Users, devices, applications, and data are moving outside of the enterprise perimeter and zone of control.
New business processes driven by digital transformation increase risk exposure.
“Trust but verify” is no longer an option, as targeted, advanced threats are moving inside the corporate perimeter.
Traditional perimeters are complex, increase risk, and are no longer compatible with today’s business models.
To be competitive, businesses need a zero trust network architecture able to protect the enterprise data, wherever users and devices are, whilst also ensuring that applications work quickly and seamlessly.
IT needs to ensure that users and devices can safely connect to the Internet, regardless of where they are connecting from, without the complexity associated with legacy approaches. Additionally, IT needs to proactively identify, block, and mitigate targeted threats such as malware, ransomware, phishing, DNS data exfiltration, and advanced zero-day attacks for users. Zero Trust security can improve your security posture while reducing the risk of malware.
Traditional access technologies, like VPN, rely on antiquated trust principles. This has resulted in compromised user credentials, which have led to breaches. IT needs to rethink its access model and technologies to ensure the business is secure, while still enabling fast and simple access for all users (including third-party users). Zero Trust security can reduce risk and complexity, while delivering a consistent user experience.
Enterprise access and security are complex and constantly changing. Traditional enterprise technologies are complex, and making changes often takes days (often across many hardware and software components) and uses valuable resources. A Zero Trust security model can reduce FTE hours and architectural complexity.
If you opt for a simple VPN setup, you probably do what many companies do: you allow logged-in users to have IP-level access to your entire network. We know how dangerous this is. Why should call center employees have IP access to source code repositories? Or why should a contractor using your billing system have access to the credit card processing terminals? Access should be limited to just those applications needed to perform a role.
Enable your security teams to ensure that users and devices can safely connect to the Internet, regardless of where they are connecting from, without the complexity associated with legacy approaches.
A Zero Trust security architecture should not come at the expense of simplicity, user productivity, or experience.
For a quick win, start by provisioning access based on Zero Trust security principles to user groups, such as contractors, which are a high-risk group. Then determine a phase-out plan for legacy access for all users.
As the classic approach to enterprise security is no longer viable, businesses must shift to meet their users, applications, and data where they live — today, that means the cloud, as it offers increased and improved flexibility, collaboration, connectivity, and performance. Akamai has been a cloud-native company since our inception in 1998. Akamai is built on three fundamental pillars that differentiate us from other Zero Trust solution providers: our unmatched platform, our trusted brand, and our expertise.
Akamai CTO Charlie Gero discusses the earliest days of network design, the emergence of a global Internet platform, and the pitfalls of a network perimeter security model.