“The fundamental way you look at Zero Trust is it’s an architectural approach to how do you secure your network focused on what’s most important,” says Scott Stevens, SVP, Global Systems Engineering at Palo Alto Networks. “You focus on the data that’s key to your business. You build your security framework from the data out.”
Zero Trust Focuses On the Data That’s Key to Your Business
We’ve been working with Forrester for about six years now looking at Zero Trust architecture. The fundamental way you look at Zero Trust is it’s
Fundamentally what we’re dealing with in security are two big problems that we have. First are credential based attacks. Do we have somebody with stolen credentials in the network stealing our data? Or do we have an insider who has credentials but they’re malicious where they’re actually stealing content from the company? The second big problem is software based attacks, malware exploits scripts. How do we segment the network where we can enforce user behavior and we can watch for malicious software so we can prevent both of those occurrences through one architectural framework? I think Zero Trust gives us that template building block on how we build out those networks because everybody’s enterprise network is a little bit different.
You Need To Start With What’s Most Important.
We have to build those things together. On the Palo Alto Networks side what we do is Layer 7 enforcement based on identity. Based on who the user is and what their rights are we are able to control what they are allowed access to or what they’re not allowed access to. Of course, if you’ve got a malicious insider or somebody that’s logged in with stolen credentials we can prevent them from doing what they’re not allowed to do. Working here with Forescout, we’ve done a lot of really good integration with them on that identity mapping construct. They help us understand all the identities and all the devices in the network so we can then map that to that user posture and control at Layer 7 what they’re allowed to do or not allowed to do.
You need to start with what’s most important. Clouds and data centers as a starting point are generally the same. How we segment is actually the same. Sometimes we think that clouds are are more difficult to secure than data centers, but they are the same basically. We’ve got north-south traffic, we have east-west traffic. How do we inspect and how do we segment that? How do we focus on what’s the most important critical data to their business? If we stratify their data sets and their applications that access that data and then move down we may have 50 percent of the applications in their cloud or data center that we don’t micro segment at all because they’re not critical to the business. They’re useful to the employees, but if something goes wrong they’re, no big deal and no impact to the business.
Micro segmentation isn’t just a conversation of where we have to do things but it’s a conversation contextually in terms of what’s relevant and where is it important to do that and then where do you do a much less robust job? You always have to have inspection and visibility, but there are parts of your network where you’re going to be somewhat passive about it and there are parts of your network that you are going to be very aggressive. These include multi-factor authentication, tight user identity mapping, how do we watch for malware, how do we watch for exploits, all of the different aspects.
>> Read a companion piece to this article here: