A few years ago, the concepts of microsegmentation and microperimeters for Zero Trust were championed by former Forrester analyst John Kindervag, who showed how those concepts and their technologies could enable a more secure enterprise. Once the concepts and their associated best practices hit the street, vendors from VMware to Cisco Systems to Palo Alto Networks quickly built on them, using next-generation firewalls (NGFWs) and microsegmentation technology to isolate and control the network fabric in line with Zero Trust. To put it bluntly, those technologies work.
In addition to a number of large government entities, prominent organizations like Google have applied the same principles and gained real benefit from them (Google calls its approach BeyondCorp, but let's be honest, it's Zero Trust). Using NGFWs and microsegmentation/microperimeter technology is a must for any organization seeking the benefits of a Zero Trust strategy. It's time to embrace another critical component of any Zero Trust strategic initiative: access control.
Access control technologies are critical, as is deciding where they apply in a Zero Trust approach. To keep things as simple as possible: control over who accesses the network, and ultimately the data, is key to Zero Trust. Period. Just as NGFW and microsegmentation/microperimeter technologies let an organization isolate, segment, and control the network fabric, next-generation access (NGA) performs the same functions at the "people" layer: it isolates, segments, and controls which identities can reach which resources. Vendors like Centrify, iWelcome, Microsoft (Office 365), Okta, and Ping Identity are a few of the technology enablers with solutions I would categorize as NGA and applicable to Zero Trust.
Just as the NGFW and other network-focused Zero Trust technologies have specific capabilities, here are the key capabilities to look for in NGA:
- Correlation between accesses and users (who is doing what, where, and why), so that every access decision can be tied back to an authenticated identity
- Single sign-on (SSO) for users (a single authenticated identity per user makes access control simpler to apply and to audit)
- Multifactor authentication (MFA), which greatly reduces the risk from stolen, phished, or guessed passwords
- Some form of machine learning or automation, both to detect anomalous access (an identity appearing from a new location or device, or at an unusual time) and to reduce friction for users the more they use the system
- Technical integration with the network layer, so that identity context can inform NGFW and microsegmentation policy
- Clear alignment with Forrester's Zero Trust eXtended (ZTX) ecosystem framework
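As an added illustration (not code from this post or from any of the vendors named above), here is a minimal policy decision point in Python that ties those capabilities together: it evaluates each access request against the SSO identity's entitlements, its MFA status, device posture, and a simple impossible-travel anomaly check, and writes a correlated record of who accessed what, from where, on which device, and why. The users, groups, resources, device IDs, the two-hour travel window, and the request sequence are all constructed assumptions.

```python
"""Minimal Zero Trust policy decision point (PDP) for next-generation access.

Constructed example: identity entitlement + MFA + device posture + context
anomaly -> allow/deny, with a correlated "who did what, where, why" audit trail.
All users, groups, devices and requests are made up.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class AccessRequest:
    user: str          # identity asserted by the SSO identity provider
    resource: str
    sensitivity: str   # "public", "internal" or "confidential"
    mfa: bool          # True if the IdP reports a completed MFA challenge
    device_id: str
    country: str       # geolocation of the source address
    when: datetime


@dataclass
class Decision:
    allow: bool
    reasons: List[str]


class ZeroTrustPDP:
    # One identity seen in two countries inside this window is "impossible travel".
    TRAVEL_WINDOW = timedelta(hours=2)

    def __init__(self, acl: Dict[str, Set[str]], groups: Dict[str, Set[str]],
                 managed_devices: Set[str]) -> None:
        self.acl = acl                  # resource -> groups permitted to reach it
        self.groups = groups            # user -> groups (directory behind SSO)
        self.managed = managed_devices  # device ids enrolled in management
        self.last_allowed: Dict[str, AccessRequest] = {}  # per-user context
        self.audit: List[Dict[str, str]] = []

    def evaluate(self, req: AccessRequest) -> Decision:
        reasons: List[str] = []
        # 1. Entitlement: the SSO identity must hold a group the resource ACL permits.
        if not (self.groups.get(req.user, set()) & self.acl.get(req.resource, set())):
            reasons.append("no group entitlement for resource")
        # 2. MFA: anything above public requires a completed MFA challenge.
        if req.sensitivity != "public" and not req.mfa:
            reasons.append("mfa required")
        # 3. Device posture: confidential resources only from a managed device.
        if req.sensitivity == "confidential" and req.device_id not in self.managed:
            reasons.append("unmanaged device")
        # 4. Context anomaly: different country within TRAVEL_WINDOW of the user's last
        #    *allowed* access. Only allowed accesses feed the history, so a denied
        #    attempt by an attacker abroad does not lock out the real user at home.
        prev = self.last_allowed.get(req.user)
        if prev and prev.country != req.country and req.when - prev.when < self.TRAVEL_WINDOW:
            reasons.append(f"impossible travel {prev.country}->{req.country}")

        decision = Decision(allow=not reasons, reasons=reasons or ["policy satisfied"])
        if decision.allow:
            self.last_allowed[req.user] = req
        # Correlated record: who, what, from where, on which device, and why.
        self.audit.append({
            "time": req.when.isoformat(), "user": req.user, "resource": req.resource,
            "device": req.device_id, "country": req.country,
            "result": "ALLOW" if decision.allow else "DENY",
            "why": "; ".join(decision.reasons),
        })
        return decision


def run_sample() -> Tuple[ZeroTrustPDP, List[Decision]]:
    """Run a constructed sequence of requests through the PDP (hypothetical data)."""
    pdp = ZeroTrustPDP(
        acl={"wiki": {"staff"}, "source-repo": {"eng"}, "hr-db": {"hr"}},
        groups={"alice": {"staff", "eng"}, "bob": {"staff", "hr"}},
        managed_devices={"lt-alice-01", "lt-bob-01"},
    )
    t0 = datetime(2024, 3, 1, 9, 0)
    m = lambda n: t0 + timedelta(minutes=n)
    requests = [
        AccessRequest("alice", "wiki", "internal", True, "lt-alice-01", "DE", m(0)),
        AccessRequest("alice", "source-repo", "confidential", True, "lt-alice-01", "DE", m(5)),
        AccessRequest("alice", "source-repo", "confidential", True, "byod-phone", "DE", m(10)),
        AccessRequest("alice", "hr-db", "internal", True, "lt-alice-01", "DE", m(15)),
        AccessRequest("bob", "hr-db", "confidential", False, "lt-bob-01", "DE", m(20)),
        AccessRequest("alice", "wiki", "internal", True, "lt-alice-01", "US", m(30)),
    ]
    return pdp, [pdp.evaluate(r) for r in requests]


if __name__ == "__main__":
    pdp, _ = run_sample()
    for rec in pdp.audit:
        print(f"{rec['time']} {rec['result']:5} {rec['user']}@{rec['country']}/"
              f"{rec['device']} -> {rec['resource']} ({rec['why']})")
```

Running it prints one audit line per request: the first two are allowed, the next three are denied for an unmanaged device, a missing entitlement, and a missing MFA challenge, and the last is denied because the same identity was allowed from Germany 25 minutes earlier. In a real deployment the anomaly branch would trigger a step-up challenge rather than a flat deny, and the decision would be handed to the NGFW, proxy, or application that enforces it.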
Any organization considering a Zero Trust security strategy should also consider applying NGA technology. Focusing solely on the network or the data leaves gaping holes in the control set and will ultimately fail to fulfill any strategic security goal, much less a Zero Trust approach. NGA technologies provide better insight and situational awareness into who is doing what on the network and enforce the policies that should govern data access, all key components of a Zero Trust strategy.