Cygilant Blog

The Move Towards “Zero Trust” and the Need for Security Monitoring

Posted by Trevan Marden on Jun 13, 2018

In a recent article for Forbes, Dave Lewis recalls an experience earlier in his career in which the physical access controls to production servers were completely undermined by a lack of proper network segmentation. In the article, he notes that traditional network segmentation is now being replaced by a movement towards “zero trust.” The concepts of “inside the network” versus “outside the network” are melting away as organizations steadily move towards cloud-based and hybrid infrastructures.

Zero trust is a security model in which no user, device or connection is trusted implicitly. Traffic is not assumed to be ‘good’ because it originates inside the network or ‘bad’ because it originates outside; every request is authenticated and authorized before it is allowed to reach an asset. Instead of building one wall around the perimeter of the network, organizations are moving to microsegmentation around each asset, using a combination of factors (who the user is, whether a second factor was presented, what device the request comes from and what that identity is actually entitled to) to decide whether to allow access. Organizations are leveraging a number of technologies to achieve this, from identity and access management solutions to multi-factor authentication and permissions management systems.
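The difference between the two models is easiest to see as code. The following is an added example, not code from the original post or from any product it mentions: a legacy perimeter policy that trusts anything from an “inside” address, beside a zero-trust policy that decides per request on verified identity, entitlement, MFA and device posture and never looks at the source address. The address ranges, user names, entitlements and sample requests are all hypothetical.

```python
"""Perimeter trust versus zero-trust access decisions (added example).

All policy rules, users, entitlements and addresses below are hypothetical.
"""
from dataclasses import dataclass
import ipaddress


@dataclass
class AccessRequest:
    user: str
    source_ip: str
    resource: str
    identity_verified: bool = False  # session/token validated by the IdP
    mfa_passed: bool = False         # second factor presented for this session
    device_compliant: bool = False   # managed, patched, encrypted device


# "Inside" address space the legacy perimeter model trusts (hypothetical)
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.0.0/16")]

# Per-resource entitlements (hypothetical): which users may reach what
ENTITLEMENTS = {"alice": {"hr-db", "wiki"}, "bob": {"wiki"}}
# Resources that additionally require MFA and a compliant device
SENSITIVE = {"hr-db", "prod-db"}


def perimeter_policy(req: AccessRequest) -> bool:
    """Legacy model: any request from an internal address is trusted."""
    ip = ipaddress.ip_address(req.source_ip)
    return any(ip in net for net in INTERNAL_NETS)


def zero_trust_policy(req: AccessRequest) -> tuple:
    """Per-request decision on identity, entitlement, MFA and device posture.

    Network location is deliberately not consulted at all.
    """
    if not req.identity_verified:
        return False, "identity not verified"
    if req.resource not in ENTITLEMENTS.get(req.user, set()):
        return False, "no entitlement for resource"
    if req.resource in SENSITIVE:
        if not req.mfa_passed:
            return False, "MFA required"
        if not req.device_compliant:
            return False, "device not compliant"
    return True, "allowed"


# Constructed requests for illustration
REQUESTS = [
    # legitimate admin on a managed workstation inside the office
    AccessRequest("alice", "10.1.2.3", "hr-db", True, True, True),
    # attacker with a foothold on an internal host but no valid session
    AccessRequest("mallory", "10.1.2.99", "hr-db"),
    # remote employee on the public internet with a valid session
    AccessRequest("bob", "203.0.113.5", "wiki", True, True, True),
    # valid session, but no entitlement to the requested resource
    AccessRequest("bob", "10.1.2.50", "hr-db", True, True, True),
    # valid session, but a sensitive resource without a second factor
    AccessRequest("alice", "10.1.2.3", "hr-db", True, False, True),
]


def compare(requests=REQUESTS):
    """Return (user, resource, perimeter_allows, zt_allows, reason) per request."""
    rows = []
    for r in requests:
        zt_ok, reason = zero_trust_policy(r)
        rows.append((r.user, r.resource, perimeter_policy(r), zt_ok, reason))
    return rows


if __name__ == "__main__":
    for row in compare():
        print(row)
```

The second and fourth requests are the ones that matter: both come from “inside” addresses, so the perimeter policy waves them through, while the zero-trust policy rejects one for lacking a verified identity and the other for lacking an entitlement. Conversely, the remote employee on a public address is allowed because the decision depends on who is asking, not where from.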

This trend towards zero trust reflects changing assumptions. While it was historically assumed that a user ‘inside’ the network should have access, zero trust starts from the assumption that attackers may already be ‘inside’ your network, so additional controls are needed to limit access from inside as well. Additionally, there may be no clear line between “inside” and “outside” when leveraging cloud-based or hybrid solutions, which by design allow a mobile workforce to connect from anywhere.

This move towards zero trust is a positive one, and the tighter access controls can prevent a great deal of unauthorized access. They do not eliminate it, however: a stolen credential, a hijacked session or a compromised but compliant device still passes the same checks a legitimate user does. That only reinforces the need for careful monitoring of your assets across on-premises and cloud-based resources, to identify and remediate security incidents. Security monitoring solutions collect and correlate data from across your network assets, whether they are on premises or cloud-based, to identify anomalous activity that may indicate a security issue; under zero trust, every denied request is itself a record of someone probing for access they do not have. Without clear internal/external networks, it can be especially difficult to see the related interactions across systems; security monitoring provides this visibility.
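As an added example of the kind of cross-source correlation described above (this is not code from the original post or from any Cygilant product), the block below parses two constructed log feeds, JSON login events from a cloud identity provider and syslog-style allow/deny lines from an on-premises zero-trust gateway, normalizes them into one event schema, and raises an alert when a single identity is denied access to several distinct segments within a short window. The log formats, hostnames, field names, the 2018 year assumed for the syslog lines and the threshold values are all assumptions made for the example.

```python
"""Correlating cloud IdP logins with on-prem gateway denials (added example).

The log lines, formats and thresholds below are constructed for illustration.
"""
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed cloud identity-provider events (one JSON object per line)
CLOUD_LOGS = """
{"ts":"2018-06-13T09:00:05Z","event":"login","result":"success","user":"bob","ip":"203.0.113.5","geo":"US"}
{"ts":"2018-06-13T09:01:10Z","event":"login","result":"success","user":"alice","ip":"198.51.100.7","geo":"US"}
"""

# Constructed on-prem zero-trust gateway syslog lines (hypothetical format)
ONPREM_LOGS = """
Jun 13 09:03:12 gw01 zt-gw: DENY user=bob src=10.1.2.99 dst=hr-db reason=no_entitlement
Jun 13 09:03:40 gw01 zt-gw: DENY user=bob src=10.1.2.99 dst=prod-db reason=no_entitlement
Jun 13 09:04:02 gw01 zt-gw: DENY user=bob src=10.1.2.99 dst=finance-share reason=no_entitlement
Jun 13 09:05:00 gw01 zt-gw: ALLOW user=alice src=10.1.2.3 dst=hr-db reason=ok
Jun 13 09:06:30 gw01 zt-gw: DENY user=alice src=10.1.2.3 dst=prod-db reason=no_entitlement
"""

SYSLOG_YEAR = 2018  # assumption: classic syslog timestamps carry no year

SYSLOG_RE = re.compile(
    r"^(?P<mon>\w{3}) +(?P<day>\d+) (?P<time>\d\d:\d\d:\d\d) \S+ zt-gw: "
    r"(?P<action>ALLOW|DENY) user=(?P<user>\S+) src=(?P<src>\S+) "
    r"dst=(?P<dst>\S+) reason=(?P<reason>\S+)$"
)


def parse_cloud(text):
    """Normalize IdP JSON lines into the common event schema."""
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        ts = datetime.fromisoformat(rec["ts"].replace("Z", "+00:00"))
        yield {"ts": ts, "source": "cloud-idp", "user": rec["user"],
               "action": f'{rec["event"]}_{rec["result"]}',
               "ip": rec["ip"], "geo": rec.get("geo"), "dst": None}


def parse_onprem(text):
    """Normalize gateway syslog lines into the common event schema."""
    for line in text.splitlines():
        m = SYSLOG_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(f'{SYSLOG_YEAR} {m["mon"]} {m["day"]} {m["time"]}',
                               "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
        yield {"ts": ts, "source": "onprem-gw", "user": m["user"],
               "action": m["action"], "ip": m["src"], "geo": None, "dst": m["dst"]}


def correlate(events, window=timedelta(minutes=5), threshold=3):
    """Alert when one user is denied >= threshold distinct segments within window.

    The alert is enriched with that user's most recent successful cloud login,
    so an analyst sees the session origin alongside the on-prem probing.
    """
    logins, denies = defaultdict(list), defaultdict(list)
    for ev in events:
        if ev["source"] == "cloud-idp" and ev["action"] == "login_success":
            logins[ev["user"]].append(ev)
        elif ev["source"] == "onprem-gw" and ev["action"] == "DENY":
            denies[ev["user"]].append(ev)

    alerts = []
    for user, evs in denies.items():
        evs.sort(key=lambda e: e["ts"])
        for i, first in enumerate(evs):  # sliding window anchored at each denial
            in_window = [e for e in evs[i:] if e["ts"] - first["ts"] <= window]
            targets = {e["dst"] for e in in_window}
            if len(targets) >= threshold:
                prior = [l for l in logins[user] if l["ts"] <= first["ts"]]
                last = max(prior, key=lambda l: l["ts"]) if prior else None
                alerts.append({"user": user, "rule": "lateral-movement-probing",
                               "resources": targets, "onprem_src": first["ip"],
                               "idp_ip": last["ip"] if last else None,
                               "idp_geo": last["geo"] if last else None})
                break  # one alert per user is enough for this window
    return alerts


def detect(cloud_text=CLOUD_LOGS, onprem_text=ONPREM_LOGS):
    events = list(parse_cloud(cloud_text)) + list(parse_onprem(onprem_text))
    return correlate(events)


if __name__ == "__main__":
    for alert in detect():
        print(alert)
```

Neither feed is alarming on its own: the IdP sees two ordinary logins and the gateway sees a handful of policy denials doing exactly what they should. Only when the two are joined on the user does the pattern appear, and the alert carries both the internal host the probing came from and the external session that identity was logged in from, which is the starting point for the investigation.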

For organizations who struggle with the time and budget to deploy and manage SIEM technology and staff a 24x7 SOC to monitor and investigate the alerts on their own, Cygilant SOCVue can be a cost-effective solution.  If you are looking to implement a security monitoring solution, download our free guide with 11 key requirements to consider:

Download the Security Monitoring Buyer's Guide

Tags: Security Monitoring, SOC as a Service
