A strategy focused on in-depth defense along with a layered security approach is essential.
By Nick Hawkins
Enterprise security has been a topic of conversation that has been gaining momentum as we speak. The spending on information security products and services in India is projected to reach $1.7 billion in 2018 with an increase of 12.5% from 2017, indicating that enterprises today are focused on building detection and response capabilities within their organisations. While enterprises need to embrace cloud architecture to successfully transform the business, the important aspect is to not compromise on security. There is a need for enterprises across industries to understand and comprehend the Zero Trust journey.
Previously, organisations used to have their data centres and networks within a zone of control. They would trust what was on the inside, and be cautious about things coming in from the outside. The infrastructure that companies rely on now includes the internet and the cloud, and as infrastructure is more software-defined, its physical location becomes more fluid.
Network infrastructure connects enterprises with customers, mobile employees, and third parties and these interactions necessarily cross the traditional perimeter. The Zero Trust model works on the premise of always verifying while never trusting. It means that businesses only deliver apps and data to authenticated and authorised users and devices, while inspecting traffic proactively.
The second part to this is preventing malware and DNS-based breaches while ensuring fast and reliable apps. The transition to a Zero Trust model entails a different security architecture along with a change in the mindset. Security policies and controls have to be applied based on where they would work best. It is important to find the fastest communication path between two endpoints followed by implementing the right security controls in the middle of that path.
Most security professionals who have grown up in the network management world are used to having routers, firewalls and network packets as the basic tools of the trade. In this evolving ecosystem, it is important to move up to the application layer. The goal is to secure the interactions with applications regardless of what networks they are running on top of, because they’re running on networks that enterprises might not have control over.
A secure in-depth defense system is achievable with a multi-layered approach to security that continually adjusts to newly formed attacks on a frequent basis. A strategy focused on in-depth defense along with a layered security approach are keys to implementing scalable and secure networks built around the zero trust premise.
With cybersecurity hygiene left close to the end-user in most cases, it’s time to stop feeling safe behind perimeters that no longer exist and move to build a Zero Trust security fortress on the cloud.
The writer is senior director, Product Management, APJ, Akamai