The Zero Trust security model, or Zero Trust architecture, is nothing new. Developed by an industry analyst over ten years ago, it is finally gaining acceptance as an effective model for enterprise security. Its core principle rests on regulating and authenticating privileged access to enterprise data and systems. However, Zero Trust is a huge and complex operation, spanning enterprise datacentres, private and public clouds, and a growing number of edge connections.
Zero Trust encourages CISOs and their teams to adopt a completely new mindset, by giving them the tools to conduct a thorough risk analysis of what is happening inside and outside the corporate perimeter. Traditionally the focus has always been on assessing and addressing external threats.
Recent history has shown that threats closer to home, such as surreptitious breaches that lie dormant for weeks, or even months, pose just as big a risk to the business. Security operations can use Zero Trust to apply the same level of risk assessment to both internal and external connections, qualifying threats, monitoring them and minimising their impact.
Let us take a step back. To understand how security operations can master Zero Trust we need to start by acknowledging that enterprise security is not a homogenised entity; it is made up of multi-vendor solutions run by disparate and often siloed teams. There are many different layers to enterprise security, and automation is already helping security operations teams to integrate and share accountability.
It has given way to automated processes and workflows that encourage a more open culture of collaboration, opening new channels of communication that have allowed once disparate teams to exchange views, resolve issues and put forward new ideas. It has even helped security operations teams forge closer links with ITOps and NetOps colleagues, helping to create a more seamless, fluid and ultimately secure environment.
This all becomes possible when security organisations adopt an open framework that is based on a universal and easily accessible programmable language. It has allowed teams from different domains to communicate with each other, share critical information and grant access to various systems and applications. If paired with the appropriate management layer, this model is ideal for professionals managing complex environments, comprising solutions from multiple vendors.
Having a better understanding of each other’s roles and responsibilities actively encourages security and IT teams to cooperate and work together as a unit. Harnessing automated systems that help to galvanise the enterprise security function can drive new processes and reduce human error.
The shift to automation comes at a time when enterprises are subject to malicious attacks. The risks posed by security breaches have been elevated to board level after several high-profile cases. Security automation can provide businesses with the means to tackle these issues head-on. It can also provide the foundations for Zero Trust.
Once inside, internal threats tend to move laterally, disrupting systems, corrupting or removing data. They can wreak havoc if left unchecked. Zero Trust security architectures are underpinned by a segmented environment that limits the movements of attackers, isolating them and reducing their impact.
In a Zero Trust environment all users, devices and applications are assigned a profile, based on techniques like digital identity, device health verification and application validation. They are then granted restricted access based on their profile. This prevents attackers from moving around freely, but it is also a precise and methodical process that grants and maintains access for genuine users and resources, as and when required.
Micro-segmentation is just one aspect of a Zero Trust strategy, but it demonstrates the magnitude of the operation. Enforcing granular permissions based on the profile of the user or digital asset is a complex process. Automation provides the means to perform these actions programmatically and at scale. It also ensures that new technologies and solutions can be constantly added either to support, or replace, existing systems to ensure actions are performed in line with Zero Trust policies.
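The profile-based, segmented access described in the two paragraphs above, written out as an added example that is not part of the article and is not Red Hat's code: a small, deny-by-default policy evaluator. A request carries the attributes that make up a profile (authenticated identity, roles from the identity provider, a device health result and an application validation result); each resource belongs to one segment, and each segment states which roles may reach it and which posture checks it requires. All resource names, segment names, roles and requests below are constructed for the example.

```python
"""Profile-based access decisions for a segmented Zero Trust environment.

Added example, not from the article. Every request is denied unless the
requester's profile satisfies the policy of the segment owning the resource.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Request:
    identity: Optional[str]   # authenticated identity; None if unauthenticated
    roles: FrozenSet[str]     # roles asserted by the identity provider
    device_healthy: bool      # outcome of a device health (posture) check
    app_validated: bool       # whether the calling application was validated
    resource: str             # resource being accessed


# Constructed policy data. Each resource sits in exactly one segment.
RESOURCE_SEGMENT: Dict[str, str] = {
    "payroll-db": "finance",
    "ledger-api": "finance",
    "build-server": "engineering",
}

# Per-segment rules: permitted roles and which profile checks are mandatory.
# Because this is plain data, automation can rewrite it without touching code.
SEGMENT_POLICY: Dict[str, dict] = {
    "finance": {
        "roles": {"finance-analyst", "finance-admin"},
        "require_healthy_device": True,
        "require_validated_app": True,
    },
    "engineering": {
        "roles": {"developer"},
        "require_healthy_device": True,
        "require_validated_app": False,
    },
}


def evaluate(req: Request) -> Tuple[bool, str]:
    """Return (allowed, reason). Default is deny: every check must pass."""
    if not req.identity:
        return False, "deny: unauthenticated"
    segment = RESOURCE_SEGMENT.get(req.resource)
    if segment is None:
        # Unknown resources are never implicitly reachable.
        return False, f"deny: unknown resource {req.resource!r}"
    policy = SEGMENT_POLICY[segment]
    if policy["require_healthy_device"] and not req.device_healthy:
        return False, f"deny: device posture failed for segment {segment!r}"
    if policy["require_validated_app"] and not req.app_validated:
        return False, f"deny: application not validated for segment {segment!r}"
    if not (req.roles & policy["roles"]):
        # A valid user on a healthy device still cannot cross into another
        # segment: this is the lateral-movement limit micro-segmentation gives.
        return False, f"deny: roles {sorted(req.roles)} not permitted in segment {segment!r}"
    return True, f"allow: {req.identity} -> {req.resource} ({segment})"


def evaluate_all(requests: List[Request]) -> List[str]:
    """Produce one audit line per request, suitable for a SIEM or log pipeline."""
    return [evaluate(r)[1] for r in requests]


# Constructed sample requests exercising each decision path.
SAMPLE_REQUESTS: List[Request] = [
    Request("alice", frozenset({"finance-analyst"}), True, True, "payroll-db"),
    Request("alice", frozenset({"finance-analyst"}), False, True, "payroll-db"),
    Request("alice", frozenset({"finance-analyst"}), True, True, "build-server"),
    Request(None, frozenset(), True, True, "ledger-api"),
    Request("bob", frozenset({"developer"}), True, False, "build-server"),
]

if __name__ == "__main__":
    for line in evaluate_all(SAMPLE_REQUESTS):
        print(line)
```

The second and third requests are the ones worth reading closely: the same genuine user is refused the same resource when her device fails its health check, and is refused a resource in another segment even though identity, device and application are all in order. Reasons are returned alongside the decision so that every denial can be logged and investigated rather than silently dropped.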
Faced with a backdrop of emergent threats and an enterprise environment that is constantly evolving, automation provides the means to adapt quickly. Policies can be rewritten, while systems and processes can be reconfigured to deal with sudden changes or requests. This can be done at a micro level, dealing with very specific issues, or on a broader macro level, dealing with enterprise-wide issues.
Overall, an efficient automation platform allows security teams to coordinate multiple technologies, ecosystems and vendor solutions across on-premises and cloud environments. It helps to streamline processes and drive efficiencies. It supports the Zero Trust model as it allows organisations to prototype, enforce and eventually update their security policy framework, no matter how big or complex that framework happens to be.
It can help teams to scale exponentially to support business and environmental changes. It can give them a higher level of control over their environment, allowing them to better manage risk and address the needs of a constantly evolving landscape.
Open source is integral to automation in much the same way as it is playing a vital role in supporting other key enterprise functions. CISOs appreciate that open-source solutions are now fully integrated into the enterprise IT stack and fight to ensure they come with end-to-end, enterprise-grade support. This provides the freedom and flexibility to engage with digital communities to help drive innovation, but also to implement reliable solutions that underpin a comprehensive security automation strategy.
Zero Trust allows enterprises to develop a security strategy from the inside out, but it requires careful planning, execution and continuous management. Security automation helps security operations and IT teams to collaborate and form a shared security practice while managing the scale and complexity of the infrastructure they have to protect and manage. Between them they can throw a protective layer across distributed cloud and IT infrastructures. Using automation, they can share processes and information to quickly identify, diagnose and neutralise issues before they escalate.
- Zero Trust requires careful planning, execution and continuous management.
- Zero Trust’s core principle rests on regulating and authenticating privileged access to enterprise data and systems.
- An efficient automation platform allows security teams to coordinate multiple technologies across on-premises and cloud environments.
- CISOs appreciate that open-source solutions are now fully integrated into the enterprise IT stack.
Massimo Ferrari of Red Hat discusses how security and IT operations teams can work together to implement Zero Trust and improve security posture across hybrid cloud infrastructures.