Zero Trust security is an architectural model for network security, first introduced by an analyst at Forrester Research, that is guided by the principle of “never trust, always verify”. While Zero Trust is not an entirely new theory, most enterprise security models have tended to employ a “verify, then trust” model, which means that anyone with the correct user credentials is admitted to whichever site, app, or device they are requesting. This model does not work in today’s business climate, and as a result, many organizations have been subject to malware and ransomware attacks, and data breaches that have impacted brands and bottom lines.
New business initiatives and processes have created new attack surfaces, and a corporate security perimeter no longer makes sense. Applications, users, and devices are moving outside, dissolving what was once the trusted enterprise perimeter. Protection is now needed wherever applications and data, and users and devices, are located.
Users, devices, applications, and data are moving outside of the enterprise perimeter and zone of control.
New business processes driven by digital transformation increase risk exposure.
“Trust but verify” is no longer an option, as targeted, advanced threats are moving inside the corporate perimeter.
Traditional perimeters are complex, increase risk, and are no longer compatible with today’s business models.
IT needs to ensure that users and devices can safely connect to the Internet, regardless of where they are connecting from, without the complexity associated with legacy approaches. Additionally, IT needs to proactively identify, block, and mitigate targeted threats such as malware, ransomware, phishing, DNS data exfiltration, and advanced zero-day attacks for users. Zero Trust security can improve your security posture while reducing the risk of malware.
Traditional access technologies, like VPN, rely on antiquated trust principles, which has resulted in compromised user credentials that have led to breaches. IT needs to rethink its access model and technologies to ensure the business is secure, while still enabling fast and simple access for all users (including third-party users). Zero Trust security can reduce risk and complexity, while delivering a consistent user experience.
Enterprise access and security are complex and constantly changing. Traditional enterprise technologies are complex, and making changes often takes days (often across many hardware and software components) and uses valuable resources. A Zero Trust security model can reduce FTE hours and architectural complexity.
If you opt for a simple VPN setup, you probably do what many companies do — you allow logged-in users to have IP-level access to your entire network. We know how dangerous this is. Why should call center employees have IP access to source code repositories? Or why should a contractor using your billing system have access to the credit card processing terminals? Access should be limited to just those applications needed to perform a role.
Enable your security teams to ensure that users and devices can safely connect to the Internet, regardless of where they are connecting from, without the complexity associated with legacy approaches.
A Zero Trust security architecture should not come at the expense of simplicity, user productivity, or experience.
For a quick win, start by provisioning access based on Zero Trust security principles to user groups, such as contractors, which are a high-risk group. Then determine a phase-out plan for legacy access for all users.
As the classic approach to enterprise security is no longer viable, businesses must shift to meet their users, applications, and data where they live — today, that means the cloud, as it offers increased and improved flexibility, collaboration, connectivity, and performance. Akamai has been a cloud-native company since our inception in 1998. Akamai is built on three fundamental pillars that differentiate us from other Zero Trust solution providers: our unmatched platform, our trusted brand, and our expertise.