Are organisations ready for Zero Trust?
FYI, this story is more than a year old
Article by Forescout Asia Pacific and Japan systems engineering senior director Steve Hunter
Today’s enterprise environments rely heavily on cloud-based services and infrastructure, which effectively erase the network perimeter.
Workloads, data, and the workforce itself are mobile and need agile security.
Users also demand more access options to more accounts, data, and resources.
Concurrently, the volume and diversity of devices connecting to network resources overwhelm traditional endpoint management.
Because many of these devices, such as visitor devices, bring-your-own-device (BYOD) systems, Internet of Things (IoT) devices and operational technologies (OT), don’t or can’t run corporate management agents, security teams may be blind to many of the devices on their networks, unable to identify their users, assess their security state, or control their activities.
These systemic failings of perimeter-focused security led Forrester Research analysts to develop Zero Trust as an alternative.
Zero Trust assumes that any person or device with access to an organisation’s data is a threat to the enterprise and thus advises organisations not to trust anything.
Instead, a Zero Trust approach will verify the user and the user’s device, or just the device if not a user device, such as a printer or camera, and then restrict access to only the minimum level required for the task at hand every time.
This policy is strictly enforced through intelligent access control and network segmentation.
Despite its clear benefits, very few organisations have turned the concept of Zero Trust into a security practice.
One example of a Zero Trust strategy is the goal of discovering and classifying 100 per cent of the devices that connect to the network—not just those with endpoint agents installed and operational—and to strictly enforce least-privilege access policy based on a granular analysis of the device, user identity and authorisations, software stack, configuration compliance, and security state.
To enforce a restrictive access policy, organisations need to be able to see, assess, and control everything on the network.
According to Forrester analyst Chase Cunningham, “Visibility is the key in defending any valuable asset. You can’t protect the invisible.
"The more visibility you have into your network across your business ecosystem, the better chance you have to quickly detect the telltale signs of a breach in progress and to stop it.”
Forescout has identified three key areas that organisations should examine to improve their visibility position for Zero Trust:
1. Agentless discovery of any device. Employ a combination of agentless active and passive methods to discover all of the devices on an organisation’s extended, heterogeneous network from campus and data centre to cloud and OT networks.
2. Continuous visibility and policy-based device control. Use a real-time policy engine that uses asset intelligence to continually assess devices against policies that enforce expected behaviour.
3. Customisable device intelligence for security operations and incident response. Security operations teams lack a comprehensive view into connected devices and their classification, connection and compliance context. With the right platform, organisations will have a consolidated view of their device landscape and compliance status across the extended enterprise.
Ultimately, to get ready for, and ensure Zero Trust success, organisations need total visibility.
They can achieve this with a comprehensive device visibility and control solution that can see and control hosts that conventional endpoint management systems can’t.
This will let them reach the goal of being able to discover and classify 100% of the devices that connect to the network.