Choosing and Building a Zero Trust Security Architecture
Published: 20th July 2022
With the advent of borderless perimeters – prompted by hybrid cloud and accelerated by trends towards home working and bring your own device (BYOD) – the protection of corporate infrastructure has never been more challenging. How can security leaders properly define the confines of their estate? How can they better understand the emerging landscape and identify risk areas? And how can they do all of this without getting in the way of the everyday operations of the organisation which they serve?
It is against this backdrop that a Zero Trust security architecture has much to offer. Built on a ‘never trust, always verify’ philosophy, it has the potential to transform an organisation’s security posture. When every action is verified, it is very difficult for an attacker to access the network – and the data that sits within it – without being identified. Zero Trust also has the potential to improve operational efficiency inside an organisation and across its supply chain.
That’s the promise at least. But what is the reality? CIONET – in association with Red Helix and AppGate – brought together senior security practitioners in the financial services sector to find out. The event was titled ‘Choosing and Building a Zero Trust Security Architecture’.
Among the security leaders around the table there were divergent views and varying rates of adoption. For some newer financial services organisations, Zero Trust was as native as cloud adoption. For others, there was an ongoing internal “tug of war” between traditional castle-and-moat security and the identity-based alternative.
Picking up on the discussion, Marion Stewart, Chief Operating Officer at Red Helix, suggested that the language around Zero Trust tends to be a little “loose”. As a result, there is a lot of confusion and potential mistrust. If everything gets categorised as part of a Zero Trust solution, it makes it very difficult to distinguish between the hype and the genuinely useful.
Building on that theme, James Tolfree, Vice President of Sales EMEA and APAC at AppGate, said that this confusion helped neither providers of true Zero Trust solutions nor the practitioners expected to deliver 21st-century security. At its best, Tolfree said, Zero Trust allows organisations the adaptability and flexibility they require to operate effectively. In other words, security shouldn’t get in the way.
Zero Trust Network Access (ZTNA) – the particular arena of Zero Trust in which Red Helix and AppGate operate – offers boundaries that are based on context and identity. Following Zero Trust principles, ZTNA removes the notion of inherent trust. Instead, the network is assumed to be hostile, and each request is verified based on a pre-defined access policy.
Roger Camrass, CIONET.
‘Choosing and Building a Zero Trust Security Architecture’ – a CIONET executive dinner in association with Red Helix and AppGate – took place on 14 July 2022 at the Bleeding Heart Yard, London.
Red Helix’s Managed ZTNA service is underpinned by Appgate’s Zero Trust Network Access platform.