Ask any CIO or CISO today what they are doing to protect their organization from the continuing threat of cyberattacks and you are likely to hear that they are implementing a Zero Trust approach. A recent Gartner study indicated that Zero Trust network access (ZTNA) is the fastest-growing segment in network security, forecasted to grow 31% this year. Adoption of Zero Trust frameworks offers a more comprehensive alternative to security that better aligns with today’s needs. As organizations transition from the traditional virtual private network (VPN) approach and increasingly adopt the Zero Trust models to secure the perimeter-less environment, one area that cannot be overlooked is the security of the virtual infrastructure.
In the perimeter-less remote work environment we live in today, implementing Zero Trust requires an improved governance of identity, where access to resources is not only determined based on factors such as users’ characteristics and assigned roles but also on asset status and environmental conditions like time and geolocation of the connection request. In this blog post, we describe why it is important to ensure that only authenticated users have access to the resources that they have been authorized to control. And let’s not forget that users can be individuals as well as applications, devices, and machines.
Zero Trust and the virtual infrastructure
Zero Trust is a security model designed to prevent unauthorized access to a network’s resources. It operates under the premise that no user, application, device, or machine can be trusted by default, and that every request must be authenticated and authorized before access can be granted. The Zero Trust framework for virtual infrastructure extends this model, tailoring it specifically to virtualized and multi-cloud environments. The model relies on several key security principles to deliver enhanced security at a time when the traditional perimeter is quickly disappearing and the use of virtualized applications is rapidly growing across multi-cloud deployments. Security principles addressed by the framework include least privilege, micro-segmentation, and continuous monitoring.
The principle of least privilege ensures that users, applications, devices, and machines are only granted the access they need to perform their specific tasks and nothing more. Tasks that users are authorized to perform can have wide-ranging implications on the operation and security of the business. Therefore, best practices should always dictate that a secondary review and approval be required for any sensitive configuration change. As a component of the least privilege principle, associated changes to the public key infrastructure (PKI), including changes to user and machine identity aspects, should always undergo a secondary review and approval process. This helps to reduce the attack surface and limit the potential damage of any accidental or deliberate misconfiguration that may be perpetrated. Micro-segmentation divides the network into smaller, isolated segments to prevent lateral movement by attackers. This means that even if a single segment is compromised, the attacker cannot easily move across the network and access other resources. Continuous monitoring ensures that any suspicious activity is detected and addressed immediately. This involves the use of advanced analytics and machine learning algorithms to identify anomalies and potential threats in real-time.
Foundational security mechanisms
In addition to secondary reviews and approvals and the validation of machine identities through a trusted source, an effective Zero Trust framework for virtual infrastructure also relies on foundational elements, including multi-factor authentication (MFA), role-based access control (RBAC), encryption, and cryptographic keys and secrets management. MFA protects the organization from unauthorized access and encryption protects sensitive data, ensuring that even if a user’s credentials are ever compromised, the attacker still cannot gain access to sensitive information. Keys and secrets management provides the underpinning footing, ensuring that the keys used to encrypt data and the secrets and other credentials used to access the applications and data are always secured and in compliance with government and industry security regulations.
The way forward
The Zero Trust framework for virtual infrastructure is a comprehensive security model that protects against modern threats in cloud and virtualized environments. Entrust provides a complete suite of integrated technology solutions as required by the Zero Trust framework. Extending the security of virtual infrastructure in data centers and private clouds, organizations adopting this framework can significantly improve their security posture. This includes helping reduce the likelihood of a data breach, maintaining the confidentiality, integrity, and availability of their critical assets, and supporting progress in the journey to Zero Trust maturity. To learn more about the Entrust Zero Trust framework for virtual infrastructure, download the Entrust Zero Trust Framework for Virtual Infrastructure solution brief. For details on how Entrust can help your organization in your journey to Zero Trust maturity visit https://www.entrust.com/solutions/zero-trust