NC May-Jun 2022

More documents

Recommendations

Info

FEATURE: ZERO TRUST ZERO TRUST ARCHITECTURE: 5 REASONS YOU NEED IT ADRIAN TAYLOR AT A10 NETWORKS EXPLAINS WHY A ZERO TRUST ARCHITECTURE IS THE IDEAL WAY TO MITIGATE A BREACH IN YOUR NETWORK There's a relatable metaphor that best describes how network security architectures have evolved. People living in small towns usually know all their neighbours, so hardly anyone locks their doors. But for people living in bigger towns, it's much harder to know who their neighbours are, so everyone starts locking their doors. People not only lock their doors, they also install security systems, put bars on their windows, and might even get a guard dog. In other words, when you have limited risk, your network security architecture can be simple but as the risks become greater - when certainty in your security decreases - then you need to rethink how to keep your property safe. As a consequence, security becomes more complicated. In the late '80s through the early '90s, network security was simple; once an entity (a person, a machine, a process) was inside your network and authenticated with your security service it was assumed that entity was trustworthy. Of course, this couldn't last for long. As networks started to become more central to business operations and the need arose for external connections for business partners, network complexity increased exponentially. By the late '90s, these networks began connecting to the internet, and by the 2000s, hundreds of service providers complicated networks further by offering software-as-a-service (SaaS). THE END OF SIMPLE NETWORK SECURITY By 2010, the network no longer had a single, unbroken network perimeter. It had become "porous" to support mobile and remote workers, as well as business partners and new third-party services. "One and done" authentication of entities requesting access became inadequate. You could no longer assume that anyone on your network, including your staff, could be trusted. 14 NETWORKcomputing MAY/JUNE 2022 @NCMagAndAwards WWW.NETWORKCOMPUTING.CO.UK
FEATURE: ZERO TRUST A BETTER NETWORK SECURITY ARCHITECTURE In 2010, John Kindervag, an analyst at Forrester Research, wrote a paper that popularised the idea of the Zero Trust architecture. Over the next few years, as enterprise computing embraced cloud computing and the problems with perimeter security became more pressing, the concept of the Zero Trust architecture gained traction. The fundamental concept of the Zero Trust architecture is simple: Never trust, always verify. HOW TO BUILD A ZERO TRUST ARCHITECTURE Zero Trust network architectures have four main requirements: The use of micro-perimeters and microsegments to restrict traffic flow and limit user privileges and access as much as possible. Micro-perimeters take the concept of a secured network perimeter that defines what is inside of the network and what is outside and applies similar access controls to smaller groupings of network entities, sometimes even to a single device. Micro-segmentation creates zones within data centres and cloud environments to isolate workloads and secure them individually Effective incident detection and response using comprehensive analytics and automation Integrated multi-vendor network solutions to ensure seamless compliance and unified cybersecurity Comprehensive and centralised visibility into all entities and workflows including users, devices, data, the network itself, and workflows. Including visibility into all encrypted communications. To reiterate, the Zero Trust security architectures are based on not trusting anyone or anything on your network. Every access attempt by any entity, even if known, must be validated at multiple points to make sure no unauthorised entity moves into or within the network without being detected. Making a Zero Trust network work requires in-depth traffic inspection and analytics. Central to this is the use of SSL inspection solutions that decrypt and analyse encrypted network traffic (sometimes called "break and inspect") to ensure policy compliance and maintain privacy standards. By monitoring encrypted traffic to detect suspicious network communications and malware payloads as well as attempts to exfiltrate controlled data, for example, credit card and social security numbers, SSL inspection makes it possible for the Zero Trust model to protect networks from both internal and external threats. WHY YOU NEED TO MIGRATE TO A ZERO TRUST SECURITY ARCHITECTURE Here are the five crucial reasons to move to a Zero Trust network: The complexity of your network - the number of users, where they work, the devices they use, the number of workloads, your use of SaaS, a hybrid cloud environment, and so on - is just going to increase. A Zero Trust network reduces the complexity of securing your assets and isolating problems As the complexity of your network is increasing rapidly, the attack surface of the network has also expanded. To reduce vulnerability and regain control, you must establish microperimeters and micro-segments Third-party services such as SaaS and PaaS can't be trusted: it takes one breach to compromise your network. Creating robust microperimeters around these services is an absolute must The internet is, essentially, an unsecured network, and cyberattacks from amateurs, organised crime, and hostile state actors are increasing rapidly. In addition, the costs of mitigating a breach or a ransomware attack have increased enormously. The financial risks have become profound and will drastically change IT budgets Insider threats have also increased rapidly. A mix of employees working from home and from branch offices and simultaneously providing access externally requires robust and well-structured security controls. If you've started down the path to a Zero Trust network, are you moving fast enough? Does the C-suite understand the issues, and will it fund a strategy that might be all that stands between business success and irreversible failure? If you've not yet started to plan and implement a Zero Trust architecture, there's no time like the present. NC Adrian Taylor, A10 Networks WWW.NETWORKCOMPUTING.CO.UK @NCMagAndAwards MAY/JUNE 2022 NETWORKcomputing 15
Page 1: NETWORKcomputing I N F O R M A T I
Page 4: CONTENTS CONTENTS M A Y / J U N E 2
Page 7 and 8: INDUSTRY NEWS The Council, which ha
Page 9 and 10: PRODUCT REVIEW TREND Networks LanTE
Page 11 and 12: PLEASE VOTE NOW Many thanks to ever
Page 13: FEATURE: ZERO TRUST important facto
Page 17 and 18: PRODUCT REVIEW CloudCall - The CRM
Page 19 and 20: FEATURE: PUBLIC SECTOR IoT IoT: THE
Page 21 and 22: FEATURE: PUBLIC SECTOR IoT investme
Page 23 and 24: FEATURE: CLOUD SECURING THE NEW HYB
Page 25 and 26: FEATURE: CLOUD So what's going on?
Page 27 and 28: PRODUCT REVIEW Progress WhatsUp Gol
Page 29 and 30: OPINION: CYBER RESILIENCE knowledge
Page 31 and 32: PRODUCT REVIEW Fluke Networks Fiber
Page 33 and 34: OPINION: DATA CENTRES but also allo
Page 36: SUPERMICRO Edge Building Blocks Acc

NC May-Jun 2022

Create successful ePaper yourself

Delete template?

Save as template?