Zscaler Blog
Four Steps for a Successful Zero Trust Journey
Zero trust security is a perennial hot topic for a reason—organizations are constantly trying to fend off wave after wave of increasingly sophisticated cyberattacks. In this demanding reality, it is readily apparent that network-centric security architectures built with firewalls and VPNs are not up to the challenge. You can read at length why that is the case in this blog, but, in short:
- They expand the attack surface and provide targets for criminals to find and exploit
- They fail to stop compromise because they struggle to inspect encrypted traffic at scale
- They enable lateral threat movement by connecting entities to the network as a whole
- They permit data loss via encrypted traffic and other modern leakage paths like SaaS
Zero trust overcomes these shortcomings and turns the tide on relentless cyberattacks. It is a distinct architecture built on the principle of least-privileged access. It is delivered as a service from a high-performance cloud that acts as an intelligent switchboard, brokering secure any-to-any connectivity based on business policy. Applications are hidden from public view: they are never exposed on the internet, and a connection is brokered only after policy allows it. Cloud scale powers encrypted traffic inspection. Entities are connected only to the specific applications they are authorized for, never to the network as a whole. And instead of governing access on identity alone, it does so on risk derived from access context, such as device posture, location, and the strength of the current authentication.
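The difference between the two models is easiest to see as a policy decision. The following is an added illustration, not code from this post or from Zscaler: a toy policy decision point that compares a network-centric VPN check (one successful login yields a route to every application) with a zero trust check that evaluates identity plus context against the policy of the single application requested. The application names, group names, sample requests and risk weights are all invented for the example.

```python
# Added example, not code from the Zscaler post: a toy policy decision point (PDP)
# that contrasts a network-centric VPN check with zero trust, per-application,
# context-aware access. App names, group names and risk weights are invented.
from dataclasses import dataclass

ALL_APPS = {"crm", "erp", "hr-payroll", "wiki"}


@dataclass(frozen=True)
class AccessRequest:
    user: str
    groups: frozenset            # identity attributes from the identity provider
    app: str                     # the single destination being requested
    device_managed: bool         # device posture reported by the endpoint agent
    device_patched: bool
    mfa: bool                    # strength of the current authentication
    country: str


@dataclass(frozen=True)
class AppPolicy:
    allowed_groups: frozenset
    max_risk: int                                # highest acceptable context risk
    allowed_countries: frozenset = frozenset()   # empty means no geo restriction


def risk_score(req: AccessRequest) -> int:
    """Risk derived from access context. The weights are illustrative assumptions."""
    score = 0
    if not req.device_managed:
        score += 40
    if not req.device_patched:
        score += 20
    if not req.mfa:
        score += 30
    return score


def vpn_decision(req: AccessRequest, vpn_users: set) -> dict:
    """Network-centric model: a successful login yields a route to the whole
    network, so every app is reachable regardless of which one was requested."""
    if req.user in vpn_users:
        return {"decision": "allow", "scope": "network", "reachable": sorted(ALL_APPS)}
    return {"decision": "deny", "scope": "network", "reachable": []}


def _deny(reason: str) -> dict:
    return {"decision": "deny", "scope": "app", "reachable": [], "reason": reason}


def zero_trust_decision(req: AccessRequest, policies: dict) -> dict:
    """Zero trust model: evaluate identity AND context against the policy of the
    one requested app; on allow, the broker connects the user to that app only."""
    policy = policies.get(req.app)
    if policy is None:
        return _deny("no policy for app; default deny")
    if not (req.groups & policy.allowed_groups):
        return _deny("identity not entitled to app")
    if policy.allowed_countries and req.country not in policy.allowed_countries:
        return _deny(f"access from {req.country} not permitted for app")
    score = risk_score(req)
    if score > policy.max_risk:
        return _deny(f"context risk {score} exceeds policy maximum {policy.max_risk}")
    return {"decision": "allow", "scope": "app", "reachable": [req.app],
            "reason": f"entitled and context risk {score} within limit"}


# Constructed sample policies and requests (illustrative, not real data).
POLICIES = {
    "crm": AppPolicy(frozenset({"sales", "contractors"}), max_risk=60),
    "erp": AppPolicy(frozenset({"finance"}), max_risk=10,
                     allowed_countries=frozenset({"US", "DE"})),
    "hr-payroll": AppPolicy(frozenset({"hr"}), max_risk=0),
}
VPN_USERS = {"alice", "bob"}

CONTRACTOR_BYOD = AccessRequest("bob", frozenset({"contractors"}), "crm",
                                device_managed=False, device_patched=True,
                                mfa=True, country="US")
FINANCE_LAPTOP = AccessRequest("alice", frozenset({"finance"}), "erp",
                               device_managed=True, device_patched=True,
                               mfa=True, country="US")
FINANCE_UNPATCHED = AccessRequest("alice", frozenset({"finance"}), "erp",
                                  device_managed=True, device_patched=False,
                                  mfa=True, country="US")

if __name__ == "__main__":
    for req in (CONTRACTOR_BYOD, FINANCE_LAPTOP, FINANCE_UNPATCHED):
        print(req.user, req.app,
              "| VPN reachable:", vpn_decision(req, VPN_USERS)["reachable"],
              "| zero trust:", zero_trust_decision(req, POLICIES))
```

Two things to notice when running it. The contractor on an unmanaged device is allowed into the CRM under zero trust, but only into the CRM, whereas the VPN check hands the same user a route to the payroll app as well. And the finance user whose laptop has fallen behind on patches is denied the ERP even though her identity is entitled to it, because the decision is made on context, not identity alone.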
If you’d like to learn more about the way that zero trust works, you can watch this Zero Trust 101 webinar or, for a more fun take, read the blog, “What Did Plato Have to Say about Zero Trust Security?” Either way, with a basic understanding of how zero trust works in hand, let’s turn our attention to the four steps necessary for a successful zero trust journey.
1. Zero trust for the workforce
The ideal way to begin a zero trust journey is by securing the workforce. Why? Because users are the key cogs accessing data and driving productivity every day. Having said that, it is difficult to secure a hybrid workforce as it accesses geographically distributed IT resources, particularly with legacy tools built for the on-premises-only world. Unfortunately, even when organizations embrace more modern solutions, they often deploy them as disjointed point products, each securing access to a different type of destination: a CASB (cloud access security broker) for SaaS, an SWG (secure web gateway) for the web, and ZTNA (zero trust network access) for private apps.
Rather than increase complexity in this way, organizations should deploy a comprehensive zero trust platform that acts as an intelligent switchboard and secures any-to-any connectivity, while also providing ATP (advanced threat protection), DLP (data loss prevention), DEM (digital experience monitoring), and more for superior simplification, savings, security, and digital experiences.
2. Zero trust for the cloud
Securing the cloud is another crucial step in a zero trust journey. Workloads in different environments (public clouds, private clouds, and on-premises) frequently access the internet and interact with each other. But trying to secure these communications with traditional firewall architectures introduces complexity and increases risk.
The good news is that zero trust architecture can also secure workload-to-internet and workload-to-workload communications. Additionally, a fully featured zero trust platform can secure cloud data at rest in private apps (via DSPM, data security posture management) and in SaaS apps (via out-of-band CASB, SSPM, or SaaS security posture management, and SaaS supply chain security). With this modern architecture delivered from and for the cloud, legacy architectures, appliances, and point products can be eliminated, and traffic backhauling can be avoided. This simplifies infrastructure, cuts costs, reduces the attack surface, mitigates lateral movement, and ensures consistent protection against cyberthreats and data breaches.
3. Zero trust for IoT and OT
More than ever before, organizations are making heavy use of IoT (internet of things) and OT (operational technology) devices. These tools increase productivity, but the vast majority of them are not designed with security in mind. Where traditional architectures are (once again) poor fits for securing these devices, zero trust is up to the challenge.
Much like it does for users and workloads, zero trust architecture can also secure IoT and OT devices as they access the internet, private apps, and even other devices. Similarly, it provides least-privileged remote connectivity to OT systems for third-party vendors and contractors anywhere, without placing them on the OT network. Lastly, organizations can leverage a comprehensive zero trust platform to gain a full picture of all IoT devices across their ecosystems, since a device that is not inventoried cannot be given a policy.
4. Zero trust for B2B
Last but not least, there is the supply chain, which comprises third parties like suppliers, channel partners, and customers that have legitimate needs to access IT resources. As such, organizations must provide secure connectivity to apps for B2B partners. Go-to ways of doing this include site-to-site VPNs, server-to-server connectivity via the web, supplier portals, and backend app access via API. Having said that, these approaches expand the attack surface and enable lateral movement (a site-to-site VPN, in particular, joins a partner's network to yours), not to mention their complexity and cost.
Fortunately, organizations can circumvent these problems by extending the use of zero trust architecture to secure app access for third parties. And with a zero trust platform that offers agentless browser-based access and browser isolation, least-privileged access can be enforced without any software on B2B users' endpoints.
In conclusion
The workforce, the cloud, IoT and OT, and B2B partners—each of these four entities must be secured in order to have a successful zero trust journey. While individual organizations’ needs may occasionally call for addressing the four in a different order, what matters is reaching a point where they are all secured with zero trust.
If you are just getting started, have not yet secured anything with zero trust, and want to learn more before taking action, there are a few options available to you.
First, you can attend Zero Trust 101, an introductory webinar that discusses the basics of zero trust architecture.
If you’ve already done that and want to learn about the concrete next steps you can take to begin implementing zero trust in earnest, join the Zero Trust 201 webinar. Attendees will get an in-depth look at the initial use cases that organizations solve with zero trust.
Lastly, if you’d like to learn how Zscaler is leveraging the joint power of zero trust and AI to secure and optimize organizations around the world, download this white paper.