One Article Review

Home - The article:
Source AlienVault Blog
Identifier 2015047
Publication date 2020-11-04 12:00:00 (seen: 2020-11-04 12:05:53)
Title In Zero we trust
Text This blog was written by an independent guest blogger.

The network is rapidly changing. What was once known as the ‘perimeter’, which comprised a crunchy solid exterior with a soft chewy center consisting of endpoints, has eroded into a mush of mobile devices, BYOD, IoT and hybrid cloud. Corporate applications and data are moving from on-premise to hybrid and cloud environments, increasing cloud workloads by the day, and enterprises want to give their staff the ability to access data anytime, anywhere. The locations of applications, users, and their devices (which are sometimes unmanaged) are no longer static. Traditional perimeter security methods have done little to stem the flow of today’s cyber-attack reality, and this is where Zero Trust Architecture (ZTA) comes to the rescue!

‘Zero Trust’ was first introduced by Forrester Research and considers ‘inherent trust’ as a critical vulnerability. The strapline for Zero Trust is ‘never trust, always verify’: everything from the user’s identity to the application’s hosting posture is used to provide least privileged access, even after authentication and authorisation in many cases.

The National Institute of Standards and Technology (NIST) approach to Zero Trust focuses on 8 principles, listed below:

1. All data sources and computing services are considered resources.
2. All communication is secured regardless of network location.
3. Access to individual enterprise resources is granted on a per-session basis.
4. Access to resources is determined by dynamic policy—including the observable state of client identity, application, and the requesting asset—and may include other behavioral attributes.
5. The enterprise ensures that all owned and associated devices are in the most secure state possible and monitors assets to ensure that they remain in the most secure state possible.
6. All resource authentication and authorization are dynamic and strictly enforced before access is allowed.
7. The enterprise collects as much information as possible about the current state of network infrastructure and communications and uses it to improve its security posture.

Some of the key benefits of ZTA include:

- Helps reduce the risk of a breach
- Enhances visibility by discovering and classifying all devices on the network
- Supports regulation and compliance activities
- Greater control over cloud environments
- Enables digital transformation initiatives

While there are many benefits of implementing ZTA, it is by no means straightforward to achieve, and there are a few factors for any business to consider before embarking on a ZTA journey. Some of these factors are listed below.

ZTA is not a product: it does not come as plug & play! ZTA programs can be complex, time-consuming and expensive initiatives that need to be tailored to each individual organisation’s needs. The complex network infrastructures we see in today’s enterprises can present huge challenges if they are not micro-perimeter compatible, leading to expensive redesign and testing which are potentially disruptive to business operations. Therefore, there needs to be a serious business case to invest in a ZTA.

ZTA Requires Strong Data-Centric Context: In ZTA, verification and access controls are based on the data, not the platform or application. Therefore, enterprises need to identify what users, data and resources are connecting across the organisation. The key challenge is therefore mapping the flows of sensitive and critical data, identifying who needs to have access to it and then segmenting/zoning the network
Sent Yes
Tags Guideline


The article does not appear to have been picked up after its publication.


The article does not appear to be a repeat of an earlier one.