Traditional perimeter-based network defenses that assume all systems within a network can be trusted are becoming outdated. The increase in users, devices, and applications accessing the network from outside of the enterprise perimeter and zone of control is quickly rendering the “trust but verify” model obsolete. BYOD, cloud services, and public wireless are just a few of the challenges making networks more vulnerable to attacks that can compromise a single endpoint within the trusted boundary and quickly spread across the entire network.
Zero trust networks eliminate the concept of trust based on network location within a perimeter. Instead, they are built around the concept of “never trust, always verify.” With zero trust, security is designed into the architecture rather than added on as an afterthought. All traffic is inspected and logged all the time. Zero trust networks strictly enforce access on a need-to-know basis and ensure all resources can only be accessed in a secure manner. Zero trust architecture also breaks networks down into segments, so even when one segment becomes infected, the malware can be contained and prevented from spreading to other segments of the network, with additional barriers that can stop data exfiltration.
Zero trust networks typically include the following:
- An identity provider that tracks users and user-related information
- A device directory that maintains a list of which devices have access to which corporate resources
- A service for determining if a user or device conforms to policy
- An access proxy that utilizes the above signals to grant or deny access to resources
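How these four components can fit together in one access decision, as an added example (not Cerium's code or any product's API). All names, sample users, devices and policy rules below are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample data standing in for the components above (all names hypothetical).
IDENTITY_PROVIDER = {  # user -> attributes tracked by the identity provider
    "alice": {"groups": {"finance"}, "mfa_verified": True},
    "bob": {"groups": {"engineering"}, "mfa_verified": False},
}
DEVICE_DIRECTORY = {  # device id -> resources it may reach, plus posture facts
    "laptop-01": {"resources": {"payroll-app"}, "patched": True, "disk_encrypted": True},
    "tablet-07": {"resources": {"payroll-app"}, "patched": False, "disk_encrypted": True},
}
RESOURCE_POLICY = {"payroll-app": {"group": "finance"}}  # resource -> required group

@dataclass
class Request:
    user: str
    device: str
    resource: str
    source_ip: str  # logged only; network location is never a trust signal

def policy_check(user, device):
    """Policy service: list the reasons a user or device is non-compliant."""
    reasons = []
    if not user["mfa_verified"]:
        reasons.append("user has not completed MFA")
    if not device["patched"]:
        reasons.append("device is missing patches")
    if not device["disk_encrypted"]:
        reasons.append("device disk is not encrypted")
    return reasons

def access_proxy(req, audit_log):
    """Access proxy: combine every signal, default to deny, log every decision."""
    user = IDENTITY_PROVIDER.get(req.user)
    device = DEVICE_DIRECTORY.get(req.device)
    policy = RESOURCE_POLICY.get(req.resource)
    if user is None or device is None or policy is None:
        reasons = ["unknown user, device or resource"]
    else:
        reasons = policy_check(user, device)
        if req.resource not in device["resources"]:
            reasons.append("device not registered for resource")
        if policy["group"] not in user["groups"]:
            reasons.append("user lacks need-to-know for resource")
    decision = "deny" if reasons else "allow"
    audit_log.append((req.user, req.device, req.resource, req.source_ip, decision, reasons))
    return decision, reasons
```

A request from an internal address is evaluated exactly like one from a public network, and denied requests are logged alongside allowed ones.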
A robust zero trust architecture will protect your enterprise systems and data while enabling your workers to access compelling cloud-based applications and work from any location on any device. As you evaluate your security strategies, consider implementing zero trust network architecture.
To learn more about zero trust architecture, watch this short video presented by Kevin Mayo, Cerium’s Director of Cybersecurity and Enterprise Solutions Architect, that explains the key components of Cerium’s approach to zero trust architecture. Or, contact us for a consultation about protecting your data with a zero trust network.
Cerium’s Zero Trust Architecture (ZTA) Approach to Cybersecurity