ZERO TRUST ARCHITECTURE (ZTA) Modern work anywhere architecture without VPN
A broad security model that has been considered for implementation is modern cloud-native architecture for enterprise applications. The National Institute of Standards and Technology (NIST) fundamentally defines “Zero Trust” as having no trusted zones in the network and assuming attackers are present in your network. The Zero Trust (ZT) approach leverages continuous resource monitoring and dynamic risk evaluations to protect every individual asset/resource against a potential attacker within the network, hence “Zero Trust.”
The heart of Zero Trust Architecture (ZTA) is the Policy Engine (PE). PE is ultimately the decision maker on granting or refusing access using various datasets per session basis. This allows to move away from the user-id/password-based authentication and authorization model. Most enterprises will not implement a Policy Engine but buy one from a leading solution provider. The Policy Engine providers are actively innovating and providing interesting approaches to mitigate threats. However, the biggest hindrance has not been solution capability but the implementation and configuration of the architecture that best suits their needs. This leads to our clients asking how they go about enabling this “ZTA” in their organization.
Approach for Transition to Zero Trust Architecture
The good news is that this does not mean you have to start building your organization network and access policy from scratch; there are hybrid opportunities that can be leveraged. Every organization can follow different approaches to implementing Zero Trust Architecture that is ideal for their user flows and resource usages. The key success for migrating to any ZTA-based implementation from a legacy flat network depends on multiple factors. Based on our research and industry experience, we have classified overall success factors into the following buckets: Right Initiation, Operational Success Factor and Executional Success Factor.
1. Right Initiation:
• Identify Resources: Business critical resources, where they reside and what data they contain.
• Transaction Flow: Map the transaction flow by identifying user-groups and resource access across all critical data source components.
• Use-Case Based Implementation: Identify the high impact use-cases that would primarily benefit from leveraging ZTA to drive targeted solutions.
• Device Management and Configuration: Review against forecasted growth and current capability management.
• Automate processes as much as possible: Establish strong pipeline requirements to drive network efficiencies and reliability for the user base.
2. Operational Success Factor:
• Buy-In from the Top: This is an enterprise-wide initiative and will require organization-wide support and interactions. Given the holistic nature of it across the enterprise, executive governance is an absolute must for success.
• Build an Inter-Disciplinary Team: The transition to ZTA will require network, enterprise asset management, domain services, risk, fraud, etc. – a cross-domain leadership team is needed.
• Establish Consistent Funding: Such a large transformational journey requires consistent funding for a duration of a two-/three-year timeframe to do a gradual transition of the platform and applications.
3. Executional Success Factor:
• Self-Service Enablement: As the capabilities mature, the size and scale of such network transformation requires that individual application owners can self-service a large portion of ACLs and other access requirements. ZTA enablement must follow the same customer-first mindset. In this case, the customers are application developers and owners.
• Establish Common Implementation Patterns: Define well documented common patterns for enabling ZTA for common use-cases within the organization; for example Web/HTTPS based applications, device management, etc.
• Project categorization into Sub-Projects: Given the size and scale of such complex initiatives, it will require detailed planning that involves breaking overall ZTA migration projects into smaller milestones.
• Exception Scenario Planning: Issues will arise due to production failures and cyber-security implications. Having a well-established plan to deal with this will be critical and necessary to keep momentum in the program.
• Phased Roll-out: Large-scale transformation applies even more at such an intrinsic level. Do not onboard large/missioncritical applications. Don’t expect everything to go according to plan and be open to change or adapt your plan as your implementation proceeds.
• Long Tail Planning: Certain use-cases, such as legacy thick clients, NFS usage, etc., will require an extended timeline and changes to actual use-cases and business applications. It will require that the enterprise be committed to tackling these scenarios.
Why adopt Zero Trust Architecture (ZTA)?
•Reduced Risk of Cyber Security Breach: Increasing the cyber-security paradigm for the overall organization by finegrained network access control.
• Remote Working: ZTA inherently allows applications to be accessible from anywhere in the post COVID-19 world. This remote working trend will further accelerate and, in fact, ZTA can be a huge productivity enabler in such a mode.
• New Onboarding/VPN Reduction: COVID-19 has shown that VPN based architecture is hard to scale and can cause significant cost pressures. Users, especially in branches, contact centers, etc., can be easily onboarded in a ZTA model.
• Scalable and Analytics driven: A ZTA-based cybersecurity approach has security principles embedded throughout the data flow, hence it is highly scalable and allows data-driven decision-making with its strong reliance on active monitoring.
Today’s landscape requires change/reliability for the future. Given the nature of cloud-based applications and adoption of SaaS solutions combined with an increased need to enable safe remote working, ZTA allows for a scalable and dynamic approach to securing resources. With “Adaptive Digital Identity” being the cornerstone of ZTA, Zero Trust goes beyond configuration of profiles and enables optimal control for a secure user experience.
Zoho One announces new apps, services and platform enhancements
Zoho Corporation has introduced six new apps, three new services and seven major platform...
Happiest Minds included in Now Tech: Robotic Process Automation Services analyst report
Happiest Minds Technologies Limited (NSE: HAPPSTMNDS), a ‘Born Digital. Born Agile&r...
Asia-Pacific Women leaders power up for 4th annual Women to held from November 1-5
Hundreds of ambitious women in business will gather virtually at the fourth annual Wo...
India Pavilion at Expo 2020 Dubai to host ‘Space Week’ starting 17th Oct
The India Pavilion at Expo 2020 Dubai today announced the agenda for the upcoming Space We...
FOCUS BANGALORE and NSIC organises virtual conference
FOCUS BANGALORE( Forum of Critical Utility Services) and NSIC ( National Small Industries...