Traditional approaches to security simply can’t keep pace with the varied ways in which workers access cloud resources. An increasingly popular cloud security approach called zero trust takes the stance that all users and devices are suspect until validated and approved through a combination of tools and techniques.
A core focus of zero trust is the segmentation of the network based on location and hosting models. In order to work effectively, zero trust needs to be integrated with cloud brokering systems and end-user solutions. But it addresses challenges in a number of areas:
Endpoints and Users: Contractors and other third parties brought in by new technology, bring-your-own-device (BYOD) programs that add endpoints, and internet of things (IoT) devices that multiply the number of devices on the network all mean that finer-grained access control and monitoring are critical.
Cloud Services: Many companies are utilizing multiple cloud solutions, including data storage software and collaboration solutions, and even platform as a service (PaaS) and infrastructure as a service (IaaS). Controlling access to these services is a challenge for most organizations.
Remote Users: The hub-and-spoke virtual private network (VPN) model used for remote access before the pandemic is no longer considered adequately secure or effective, because security controls have traditionally lived on premises. A change is needed in how access is controlled and monitored.
In Versus Via
There are two broad areas that cloud security teams address when adopting a zero trust approach. The first is the security controls that are usually integrated into endpoints: the company can introduce a layer of security policy that travels with the endpoint, providing a strong way to protect data regardless of location. The second is a central brokering solution that controls where and how access is allowed. There are two distinct ways to make this happen: zero trust in the cloud and zero trust via the cloud.
Zero Trust in the Cloud: This strategy is implemented through a cloud service provider, using microsegmentation that extends into individual workloads and inspects binaries, components and behavior. Rather than eliminating the perimeter, zero trust uses microsegmentation with policy and monitoring to move that perimeter closer to the apps and the protected surface areas. It is governed by centralized policy.
Zero Trust via the Cloud: Offered through brokering services providing zero trust network access and cloud access security brokering, this approach focuses on end-user access to cloud services. It includes a number of components, including authentication and authorization of endpoints and users, access policies that assess group privileges and behaviors, browser isolation and sandboxing to reduce the risk of malware, and content filtering and loss protection.
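To make the "via the cloud" components concrete, here is an added illustration of a broker's policy decision, written for this post rather than taken from any vendor product or from Safari Solutions. It assumes a constructed policy table and request shape, and models the checks named above: endpoint and user authentication, group privilege, device posture, behavioral context, and browser isolation as the mitigation for risky but permitted sessions.

```python
"""Toy zero-trust-via-the-cloud policy decision point (added example, not vendor code)."""
from dataclasses import dataclass, field

# Constructed policy table: which groups may reach which cloud service, and whether
# the service is sensitive enough to demand a managed, compliant device.
SERVICE_POLICY = {
    "crm-saas":     {"groups": {"sales", "it-admin"}, "require_managed_device": False},
    "iaas-console": {"groups": {"it-admin"},          "require_managed_device": True},
    "file-share":   {"groups": {"sales", "engineering", "contractors"},
                     "require_managed_device": False},
}

@dataclass
class AccessRequest:
    """Signals the broker has already collected from the identity and endpoint layers."""
    user: str
    groups: set
    mfa_verified: bool        # user strongly authenticated
    device_managed: bool      # enrolled corporate device (False for BYOD / contractor)
    device_compliant: bool    # posture check passed (e.g. disk encryption, EDR running)
    service: str
    country: str
    usual_countries: set = field(default_factory=set)  # behavioral baseline, if any

def decide(req: AccessRequest) -> tuple[str, list[str]]:
    """Return (decision, reasons); decision is 'allow', 'allow-isolated' or 'deny'."""
    policy = SERVICE_POLICY.get(req.service)
    if policy is None:
        return "deny", ["unknown service: default deny"]
    if not req.mfa_verified:
        return "deny", ["user not strongly authenticated"]
    if not (req.groups & policy["groups"]):
        return "deny", [f"no group in {sorted(policy['groups'])} grants {req.service}"]
    if policy["require_managed_device"] and not (req.device_managed and req.device_compliant):
        return "deny", ["service requires a managed, compliant device"]
    # Context signals never turn a deny into an allow; they only add friction.
    reasons = []
    if not req.device_managed:
        reasons.append("unmanaged (BYOD/contractor) device")
    if req.usual_countries and req.country not in req.usual_countries:
        reasons.append(f"sign-in from unusual country {req.country}")
    if reasons:
        return "allow-isolated", reasons + ["session routed through browser isolation"]
    return "allow", ["all checks passed"]
```

Each denial reason is returned alongside the decision so the broker can log it, which is what makes the access policy auditable rather than a silent block.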
Zero trust cloud security continues to evolve to meet the ever-changing needs of different environments. If your organization is considering a zero trust strategy, but you aren’t sure of the best way to apply it in your situation, contact us at Safari Solutions. Our focus is guiding you in your selection of solutions and strategies that address not only specific challenges but also serve to move your comprehensive technology plan forward.