NC May-Jun 2022

More documents

Recommendations

Info

FEATURE: ZERO TRUST ZERO TRUST: THE TRUTH IS OUT THERE THE CONNECTED WORLD IS A CHANGED WORLD, AND ENTERPRISES CAN NO LONGER ASSUME THEY HAVE FULL CONTROL OVER CLOSED NETWORKS, ACCORDING TO MATTHEW MARGETTS, DIRECTOR OF SALES AND MARKETING AT SMARTER TECHNOLOGIES The COVID-19 pandemic further accelerated the new normal, which shifted a large proportion of the workforce to remote working and forced businesses to increase their use of cloud platforms to support a variety of devices and networks. Unfortunately, criminals can take advantage of this upheaval and attempt to increase network infiltrations for nefarious gains. The truth is that legacy security solutions cannot support a Zero Trust network. In the legacy model, security measures are reliant on a closed perimeter security model that assumes that all users and applications are coming from the same network location and entry points. This approach is no longer sufficient, which is why Zero Trust security is becoming the preferred network security architecture. WHAT IS ZERO TRUST SECURITY? Zero Trust architecture is an approach to IT system design where inherent trust in the network is removed. The network is assumed to be hostile, and each request is verified based on an access policy. Regardless of the device, network and user activity, Zero Trust architecture is built on access management checks at every level. The National Cyber Security Centre (NCSC) says: "In a Zero Trust architecture, inherent trust is removed from the network. Just because you're connected to a network doesn't mean you should be able to access everything on that network. This is commonly seen in breaches; an attacker gains a foothold in a network and is able to move laterally because everything on the network is trusted. In a Zero Trust architecture, the network is treated as hostile." The key concepts of Zero Trust are: The network is hostile and should be treated as compromised Inherent trust is removed from the network Every request to access data or a service should be authenticated and authorised against an access policy Gain confidence dynamically by continuously evaluating the trustworthiness of connections THE 8 DESIGN PRINCIPLES OF A ZERO TRUST NETWORK The NCSC has introduced eight Zero Trust architecture design principles that are paving the way for future networks for the government. These eight principles are intended to help the public sector and large organisations to implement a Zero Trust network architecture in an enterprise environment. 1. Know your architecture, including users, devices, services and data 2. Know your user, service and device identities 3. Assess user behaviour, service and device health 4. Use policies to authorise requests 5. Authenticate and authorise everywhere 6. Focus your monitoring on users, devices and services 7. Don't trust any network, including your own 8. Choose services that have been designed for Zero Trust. Let's take a closer look at the eight principles' objectives: 1. Know your architecture, including users, devices, services and data To get the benefits from Zero Trust, you need to have a clear understanding about each component of your architecture so that you can identify: Where your key resources are The main risks to your architecture How to avoid integrating legacy services that do not support Zero Trust 2. Know your user, service and device identities An identity can represent a: User (human) Service (Software Process) Device Each identity should be uniquely identifiable in a Zero Trust architecture. This is the most 12 NETWORKcomputing MAY/JUNE 2022 @NCMagAndAwards WWW.NETWORKCOMPUTING.CO.UK
FEATURE: ZERO TRUST important factor in deciding whether or not something or someone should be allowed access to data or services. 3. Assess your user behaviour, devices and services health The most important indicators when looking to establish confidence in the security of your systems are: User behaviour Service health Device health Zero Trust policy engines need to be able to measure user behaviour, device health and service health. 4. Use policies to authorise requests The power of a Zero Trust architecture lies in the defined access policies. Each request for services or data should be authorised against a specific security policy. These policies also help to facilitate safer sharing of data or services with partner organisations or guest users. The key characteristics of a policy engine in a Zero Trust architecture are: Uses multiple signals Provides a secure and flexible access control mechanism Adapts to the resources being requested 5. Authenticate & authorise everywhere Any authentication and authorisation activities should consider multiple signals, such as: Device health Device location User identity Status to evaluate the risk associated with the request. Because the network is assumed to be hostile, a Zero Trust architecture ensures that all connections that access your organisation's data or services are authenticated and authorised. 6. Focus your monitoring on users, devices and services In a Zero Trust architecture, monitoring should always link back to the policies you have set with regards to gaining assurance. A Zero Trust monitoring strategy focuses on individual users, user behaviour, devices and services to help organisations establish their health. 7. Don't trust any network, including your own In a Zero Trust architecture, traditional user protections such as phishing protection and malicious website filtering may be implemented differently and may require different solutions. A key principle of Zero Trust is to remove inherent trust from any network between a device and a service - including the local network. Any communication over a network to access data or services should use a secure transport protocol to ensure that the traffic is protected in transit and is less susceptible to threats. 8. Choose services designed for Zero Trust Not all services support Zero Trust, which means that they may require additional resources to integrate Zero Trust architecture. This causes an increased support overhead, so it's advisable to consider alternative services and products that have been designed with Zero Trust architecture in mind. Products with Zero Trust capabilities allow for easier integration and simpler interoperability. ADOPTING ZERO TRUST PRINCIPLES IN YOUR ORGANISATIONS If you are new to Zero Trust or if you're unsure whether it is the right network architecture for your needs, it's a good idea to engage with a digital transformation partner to help you design and review a Zero Trust architecture that meets your organisation's specific requirements. NC WWW.NETWORKCOMPUTING.CO.UK @NCMagAndAwards MAY/JUNE 2022 NETWORKcomputing 13
Page 1: NETWORKcomputing I N F O R M A T I
Page 4: CONTENTS CONTENTS M A Y / J U N E 2
Page 7 and 8: INDUSTRY NEWS The Council, which ha
Page 9 and 10: PRODUCT REVIEW TREND Networks LanTE
Page 11: PLEASE VOTE NOW Many thanks to ever
Page 15 and 16: FEATURE: ZERO TRUST A BETTER NETWOR
Page 17 and 18: PRODUCT REVIEW CloudCall - The CRM
Page 19 and 20: FEATURE: PUBLIC SECTOR IoT IoT: THE
Page 21 and 22: FEATURE: PUBLIC SECTOR IoT investme
Page 23 and 24: FEATURE: CLOUD SECURING THE NEW HYB
Page 25 and 26: FEATURE: CLOUD So what's going on?
Page 27 and 28: PRODUCT REVIEW Progress WhatsUp Gol
Page 29 and 30: OPINION: CYBER RESILIENCE knowledge
Page 31 and 32: PRODUCT REVIEW Fluke Networks Fiber
Page 33 and 34: OPINION: DATA CENTRES but also allo
Page 36: SUPERMICRO Edge Building Blocks Acc

NC May-Jun 2022

Create successful ePaper yourself

Delete template?

Save as template?