Zero Trust Plus Zero Touch Equals Exponential Benefits
By: Mohie Ahmed
Apps are increasingly moving to the cloud, especially as more and more people are working remotely and expect to access them from anywhere, any time, on multiple devices. Despite that, the way enterprises secure access to applications has largely remained unchanged, as they are still focused and dependent on the corporate network perimeter.
The new reality is that there is no longer a “physical” perimeter. In fact, the perimeter is now defined as the people who access networks and cloud applications.
Because of this, more attention is being paid to the “Software Defined Perimeter” (SDP) and supporting that, enterprises are investing in new security architectures to manage the expanding SaaS portfolios they have in place, and the related sprawling attack surface.
This is where ZERO TRUST comes in.
The principle of least privilege (PoLP), which is also known as the principle of least authority, has been an essential aspect of IT security for many years; the most mission-critical enterprises have been embracing the concept behind “zero trust” for decades. It is not a “product” or “platform” per se, but it is a security framework based on the model of “trust no one.” User trust is not granted until the user can be authenticated and authorized. The history of the zero-trust journey coincides with the mass adoption rate of mobile devices and devices connected to the Internet, including computers, IoT, APIs, applications and services that require access to the corporate network.
As the world became increasingly mobile, users were no longer connecting from their computer at the office and began using their own personal devices (BYOD or bring your own device). With the new technology came new security breaches, including zero-day vulnerabilities, which revealed weaknesses in token-based 2FA solutions. This heightened the enterprise IT team’s focus on preparation for zero-day attacks.
The evolution of zero trust forces us to think beyond the firewall and expand the perimeter to anywhere, to ensure protection from stolen or lost credentials, and to protect access to all applications.
81% of breaches target identity through phishing and spear phishing of compromised credentials. Establishing user trust eliminates an incident before it happens.
We appreciate Forrester’s Zero Trust eXtended (ZTX) Ecosystem, which has evolved into a holistic approach to securing data, network, workforce, workloads, and workforce with “monolithic perimeters” into a series of micro-perimeters or network segments to apply granular security controls around them. Here are three pillars:
- Zero Trust Workforce: Authenticate users and continuously monitor and govern their access and privileges
- Zero Trust Workloads: Enforce controls across the entire application stack, especially connections between containers or hypervisors in the public cloud
- Zero Trust Data: Secure and manage data, categorize, and develop data classification schema, and encrypt data at rest and in transit
This is all good, and Ironsphere’s solutions address Zero Trust inherently.
But where does Zero Touch come in?
To configure and manage state-of-the-art Zero Trust framework, especially for large, complex global enterprises, like those we are honored to serve, is hard. It is impossible without Privileged Task Automation, which we have pioneered in the industry.
Ironsphere’s Privileged Task Automation Manager simplifies and automates daily routine tasks and provides a smart programmable interface that supports pre-check, execute, post-check, and roll-back steps.
- Visual, flexible, agile platform for troubleshooting automation.
- Combine automated scripts and IT tasks with human interaction.
- Improves incident management process and reduces down-time.
- Enables error-free configuration changes and eliminates potential service outages.
- Granular control. Delegates tasks to users instead of delegating privileges.
- Reduces operational costs and improves operational efficiency.
- Automates repetitive and routine tasks.
- Schedule tasks to augment after-hours workforce.
- Centralized visibility of business processes and workflows.
- Easy to integrate other IT systems through a restful API and adapter-based approach.
- Schedule and execute tasks based on monitoring and performance-driven events and alerts.
- Orchestration and automation of IT processes that require multi-system integration.
- Workflow-based network configuration and execution with sophisticated validation.
- User and workflow-based activity logging and executive reports.
- Multi-level and multi-type authorization scenarios with role-based access management.
- LDAP, TACACS+, RADIUS, and Local User-based authorization and authentication scenarios.
- Device discovery for detailed equipment inventory and multi-vendor support.
- Adapter based protocol support including SSH, TELNET, SNMP, XML, NETCONF, JDBC, RESTFUL.
When you combine Zero Trust with Zero Touch, you get excellent security coverage without drops in productivity, using software to also ensure precise, efficient, and effective protection. You can learn more about Ironsphere’s PTA here.
Security automation is now a top concern for enterprises as the attack surface expands given more remote workers, more devices, and new attack vectors in the cloud.
Automation is rising because IT leaders are realizing it paves the way to reducing risks, gaining greater visibility into their networks, and getting the most from their security investments.
Automation technologies, from Robotic Process Automation (RPA), to Artificial Intelligence (AI) and Machine Learning (ML), are transforming business processes and operating models. These are relatively new categories, and most enterprises do not yet have the skills to implement automation technologies successfully, including Privileged Task Automation (PTA) associated with a robust Privileged Access Management (PAM) posture.read more
We look forward to Verizon’s increasingly epic Data Breach Investigations Report (DBIR) each year, because each year the reports go deeper and spot new trends every professional responsible for guarding their organization’s assets must read.read more