Presented by Nutanix
Virtual machines and cloud computing are quickly eliminating traditional data security boundaries. Where a definable, protectable perimeter once surrounded corporate data centers, for example, enterprise digital assets have become scattered across multiple on-prem and public cloud IT environments. The distributed nature of data across dissimilar IT environments has created new security challenges for enterprises.
The average worldwide cost of a data breach is $3.92 million, according to the Ponemon Institute. With so much at risk, no enterprise can afford to sit still when it comes to cybersecurity. But how can enterprise strategies evolve to address the dynamic and borderless nature of today’s digital resources?
A new security mindset
This is where the zero-trust security model comes in. Zero trust is an application of the “least privilege” concept that assigns data and network access rights based on the bare minimum required for individuals and applications to perform their roles successfully. At the network level, zero trust typically involves the use of microsegmentation, which primarily entails building very narrow firewall policies around every enterprise server, virtual machine, and service. There are four compelling reasons to start moving in the direction of zero trust:
- The disintegration of physical boundaries, as described. There are far more outsiders trying to penetrate your defenses to worry about today than there were 10 years ago, particularly when your data resides off-site in one or more cloud locations. The new network “perimeter” is no perimeter, except for the access control and identity management policies you set and enforce.
- “Insiders” are no longer automatically trusted users. At one point in history, everyone inside a physical enterprise was a trusted user, and outsiders posed the perceived risk. Time has shown us that insiders can be disgruntled employees looking to do harm or workers seeking to profit by selling company or customer data. There are many other scenarios in which employee misuse of corporate data and networks, whether malicious or unintentional, could take an unfortunate and costly turn.
- The insidious rise of ransomware, which usually spreads between machines and has now begun infiltrating data centers. Each year, ransomware attacks cost businesses a reported $75 billion. Ransomware encrypts data on one or more computers and holds it hostage until someone pays a bounty or ransom for a key to decrypt it. Early this year, a suspected ransomware attack hit two casinos in Las Vegas that left them able to trade only in cash and with nonworking slot machines for several days. More serious attacks in the recent past have been on the cities of Atlanta, Baltimore, and New Orleans, and it took them many months to recover.
- Time. Migrating an existing environment to a zero-trust model is a journey. Success requires detailed knowledge of how applications are used (by whom and why) and the network connectivity they support. This can be a difficult task with today’s complex distributed applications, particularly when there are legacy apps backed by tacit knowledge and little documentation, and time is of the essence. Start now to avoid finding yourself in a precarious security situation.
Moving to a zero-trust model helps counter the security threats created by disintegrating network boundaries, insider exploits, and ransomware by locking down access rights in a more disciplined manner than ever before. Doing so leaves far smaller margins for unauthorized entry and nefarious activity.
Trust no one
When you implement zero trust, what will your environment look like? Consider this: If at one point, locking the front door to your house represented adequate security, zero trust goes a step further and locks the doors to all your inside rooms. In this way, zero trust represents the next step in the natural enterprise security progression. At one point, standards moved from “everyone can access everything” to broad, user group-based access controls enforced by VLANs and corporate firewalls. Now, it’s becoming necessary to apply even narrower, more restrictive zero-trust policies to individual users, workloads, and applications.
Getting there requires investigation into legacy applications, who uses them, and with whom and what those applications currently communicate. You’ll need a process and flow tools to discover this information. Once you have this visibility, you can begin writing your least-privilege access policies and enforcing them.
Sponsored articles are content produced by a company that is either paying for the post or has a business relationship with VentureBeat, and they’re always clearly marked. Content produced by our editorial team is never influenced by advertisers or sponsors in any way. For more information, contact [email protected]