When the street-smart cop played by Sean Connery in “The Untouchables” instructs Kevin Costner’s character about the realities of Prohibition-era Chicago, his first lesson about the ways of the world is simple: Trust Nobody.
The security world should take a similarly blunt approach, particularly when it comes to rethinking dated assumptions about trust. The old school approach to security was to authenticate users and decide how far to trust them at the edge of the network. If they were judged trustworthy, they got in; if not, they were blocked. Unfortunately, you can never really establish complete trust, and a decision made once at the edge says nothing about what that user or device does afterwards.
Meanwhile, the once-popular castle-and-moat approach was found wanting once intruders worked their way past perimeter-based security through hacks and cracks in the walls: once inside, they could move around freely. In response, the industry started looking for a new way to tackle enterprise security, one that was data-centric and comprehensive.
As I mentioned in an earlier blog, many enterprises are turning to Forrester’s Zero Trust model as a pragmatic blueprint for raising their security game. Zero Trust posits that threats can come from any direction, external or internal. In our increasingly cloud-centric, mobile-centric world, there is no longer a single perimeter, and data is spread out everywhere.
As a result, granular protection needs to be applied to the data itself, and controls must be implemented at every point of access to that data: mobile devices, cloud workloads, and corporate networks alike.
In future blogs we will take a deeper look at each of the key “pillars” of Zero Trust, but at this point I’d like to dig a bit deeper into what it means in the context of network security controls. Let’s take a look at a Zero Trust Network.
The Zero Trust Network
In a Zero Trust network, nobody gets a free pass anymore, even if they are located inside the network perimeter. In fact, there is no longer really an overall network perimeter at all. The network has been segmented, and then segmented again. The result? A micro-segmented network with lots of tiny perimeters, where every flow between segments has to be explicitly permitted rather than assumed.
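To make the “no free pass” idea concrete, here is a small policy check written for this post as an added example (it is not code from the original article or from Forrester). It models a micro-segmented network as a handful of segments with a default-deny allow list between them: a flow is permitted only when its source segment, destination segment, destination port and the workload identity presented over mutual TLS all match an explicit rule. The segment address ranges, the SPIFFE-style identity strings and the rules are constructed for illustration, and an office LAN (“corp”) is deliberately given no more trust than anything else.

```python
"""Minimal micro-segmentation policy check for a Zero Trust network.

Added illustration for this post, not code from the original article.
Segment ranges, workload identities and allowed flows are constructed examples.
"""
from dataclasses import dataclass
from typing import Optional, Tuple
import ipaddress

# Hypothetical segments: each one is its own "tiny perimeter".
SEGMENTS = {
    "web":  ipaddress.ip_network("10.0.1.0/24"),
    "app":  ipaddress.ip_network("10.0.2.0/24"),
    "db":   ipaddress.ip_network("10.0.3.0/24"),
    "corp": ipaddress.ip_network("10.10.0.0/16"),   # office LAN, still untrusted
}

# Explicit allow list; every flow not listed here is denied.
# A rule names source segment, destination segment, destination port and the
# workload identity the caller must present in its client certificate.
ALLOWED_FLOWS = [
    {"src": "web", "dst": "app", "port": 8443, "identity": "spiffe://example.internal/web"},
    {"src": "app", "dst": "db",  "port": 5432, "identity": "spiffe://example.internal/app"},
]


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    dst_port: int
    identity: Optional[str]   # identity from the client certificate, None if absent
    mtls: bool                # whether the connection was mutually authenticated


def segment_of(ip: str) -> Optional[str]:
    """Return the segment an address belongs to, or None if it is unknown."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None


def authorize(flow: Flow) -> Tuple[bool, str]:
    """Default-deny check.

    A flow passes only if an explicit rule matches its segments, port and
    authenticated identity. Coming from 'inside' (e.g. the corp LAN) earns
    no trust by itself, and an unauthenticated connection is never allowed.
    """
    src_seg, dst_seg = segment_of(flow.src_ip), segment_of(flow.dst_ip)
    if src_seg is None or dst_seg is None:
        return False, "unknown segment"
    if not flow.mtls or flow.identity is None:
        return False, "no authenticated workload identity"

    identity_mismatch = False
    for rule in ALLOWED_FLOWS:
        if (rule["src"], rule["dst"], rule["port"]) != (src_seg, dst_seg, flow.dst_port):
            continue
        if rule["identity"] == flow.identity:
            return True, f"allowed by rule {src_seg}->{dst_seg}:{flow.dst_port}"
        identity_mismatch = True   # right path, wrong caller: keep looking, then deny

    if identity_mismatch:
        return False, "identity does not match any rule for this flow"
    return False, f"no rule permits {src_seg}->{dst_seg}:{flow.dst_port}"


if __name__ == "__main__":
    # Constructed sample flows: only the first one should be allowed.
    samples = [
        Flow("10.0.1.5", "10.0.2.7", 8443, "spiffe://example.internal/web", True),
        Flow("10.10.5.5", "10.0.3.10", 5432, "spiffe://example.internal/corp", True),
        Flow("10.0.2.7", "10.0.3.10", 5432, None, False),
        Flow("10.0.1.5", "10.0.3.10", 5432, "spiffe://example.internal/web", True),
        Flow("10.0.1.5", "10.0.2.7", 8443, "spiffe://example.internal/app", True),
    ]
    for f in samples:
        print(f"{f.src_ip} -> {f.dst_ip}:{f.dst_port}", authorize(f))
```

The check is intentionally two-factor: the right network path is necessary but not sufficient, because a compromised host in the web segment that presents the app tier’s identity (or none at all) is still refused. In a real deployment the same decision would be enforced by a service mesh sidecar, host firewall or cloud security group rather than a Python function, but the shape of the policy, explicit allows and a default deny, is what makes each segment a perimeter in its own right.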