Enterprise network and security requirements have undergone a paradigm shift over the last few years. Until recently, most critical enterprise resources were within the security perimeter and users did not have access to these resources from outside. Anything that came from inside the corporate network was considered safe. This model is no longer good enough, as many applications have started to move to SaaS and IaaS platforms.

The security perimeter is no longer confined to an office network, as users want to access email and join meetings from anywhere, using any device. This increases the attack surface: attackers no longer need to break through complex firewalls to gain access to a corporate network. A simple vulnerability on a user's laptop or mobile phone can let an attacker gain access to the network of that user's organization.

CSOs have started to realize that the existing approach is less secure because it exposes their corporate network to attacks, and this was the driving factor for the evolution of Zero Trust Architecture. ‘Zero Trust’, as the name suggests, is a security posture that does not trust anyone.

This reminds me of the incident when a former US president was asked to present his identity proof to vote in Chicago. This is a real-world example of Zero Trust. You no longer let anyone access resources at face value. Anyone who tries to access the resources should be identified and authorized, whether they connect from the office LAN or from anywhere outside the office premises.

“Do not trust something because it’s inside your network”

IT professionals across the industry have started to adopt Zero Trust Security as a new security standard. Do not trust any device, system, workload, or user without authenticating them, irrespective of whether they are inside or outside the security perimeter.

Zero Trust (ZT) architecture focuses on 5 key elements

Devices – The IT administrator needs to know what devices are connected to the corporate network. There must be a solution in place to monitor, control, and manage the devices that are owned by the organization.

People – A secure user authentication mechanism should be in place to grant access to the corporate network. Password-based authentication is proven to be less secure, with over 80% of data breaches happening due to stolen passwords. Strong multi-factor authentication should be in place before users are allowed access.

Network – Users and systems must have access only to those resources that are needed to perform a task. This can be achieved by granting least-privilege access to users and systems. It is also important to divide and rule the network. The key building blocks to implement least-privilege access are micro-segmentation, transport-level encryption, and session protection.

Application – Today a lot of applications are moving towards private and public cloud infrastructure. The growing need to seamlessly access applications from any device is also the driving factor to enforce Zero Trust Workload. Securing the workload, especially one hosted in a public cloud, is critical, as these are attractive targets for an attacker.

Data – Finally, data is what matters most, and protecting it is the reason for implementing strong security. Data should be continuously protected while being transported between SaaS applications, workloads, mobile devices within corporate networks, or the Internet.

Along with the above key factors, monitoring and logging help to analyze and correlate threat events in any enterprise network. To protect against an attack, one must be able to see it and understand its nature. This is possible only with a tool that captures and presents the security events in a comprehensive manner. The enterprise can improve its security posture based on the information collected. The solution must be able to integrate with the organization's SIEM and other security tools to manage and mitigate security events faster.

Building your Zero Trust Network Access with Versa

Versa Secure SD-WAN is a complete security suite that has all the building blocks for a best-in-class Zero Trust Network Access (ZTNA) along with strong SD-WAN capabilities. Versa’s ZTNA identifies potential threats and provides insight into the threat event by logging them into Versa Analytics. Versa Analytics also provides visibility into the traffic traversing the network between users, applications, and devices regardless of their location.

For Zero Trust Network Access, it is important to authenticate users and devices, classify them, and apply the appropriate security posture along with access control. For example, a device that meets the organization's security compliance requirements must get a different security policy from a device that does not, thereby enforcing restrictions on non-compliant devices. BYOD is a classic example.
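The decision logic described above, sketched as an added example (it is not Versa's code or API, and not part of the original post): authenticate the user, classify the device by posture, apply least privilege per role, and deny by default regardless of source network. All role names, resource names, and posture fields are hypothetical.

```python
from dataclasses import dataclass

# Constructed least-privilege map: role -> resources that role needs.
ROLE_RESOURCES = {"finance": {"erp", "mail"}, "engineer": {"git", "ci", "mail"}}
# Constructed: what a non-compliant device (e.g. unmanaged BYOD) may still reach.
RESTRICTED_DEVICE_RESOURCES = {"mail"}


@dataclass(frozen=True)
class AccessRequest:
    user: str
    role: str
    mfa_passed: bool
    device_managed: bool
    disk_encrypted: bool
    os_patched: bool
    source: str    # "office-lan" or "internet": logged, never used to grant trust
    resource: str


def device_compliant(req: AccessRequest) -> bool:
    """Classify the device: every posture check must pass."""
    return req.device_managed and req.disk_encrypted and req.os_patched


def decide(req: AccessRequest) -> tuple[str, str]:
    """Return (decision, reason). Anything not explicitly allowed is denied."""
    if not req.mfa_passed:
        return "deny", "user not strongly authenticated"
    if req.resource not in ROLE_RESOURCES.get(req.role, set()):
        return "deny", "resource outside the role's least-privilege set"
    if not device_compliant(req):
        if req.resource in RESTRICTED_DEVICE_RESOURCES:
            return "allow-restricted", "non-compliant device, limited policy"
        return "deny", "non-compliant device"
    return "allow", "authenticated user on compliant device"


def audit_record(req: AccessRequest) -> dict:
    """Build the event a SIEM would ingest; denied requests are logged too."""
    decision, reason = decide(req)
    return {"user": req.user, "resource": req.resource, "source": req.source,
            "compliant": device_compliant(req), "decision": decision,
            "reason": reason}
```

Note that `source` never appears in `decide`: a request from the office LAN without MFA is denied exactly as it would be from the Internet.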

Versa Secure SD-WAN identifies users, flows, packets, and applications while establishing, monitoring, and automatically adjusting security and network policies based on users, threats, vulnerabilities, and changes in the network environment. The IPSec tunnel protects data transported between two SD-WAN CPEs over any transport network. The next-generation firewall and SSL decryption capabilities along with the ability to perform micro-segmentation help to isolate and contain any security breach in an enterprise network.

Versa Secure SD-WAN can automatically segment specific types of devices as they appear on the network and apply the most appropriate policies to those devices based on their profile while leveraging genuine multi-tenancy.

Versa’s Zero Trust Network Access, along with the Next Generation Firewall, CASB, and Secure Web Gateway service, will help enterprises and service providers achieve their vision of implementing a Secure Access Service Edge (SASE) that can be deployed in the cloud, on-premises, or split between the two.