In the age of hybrid work and cloud, cybersecurity needs to evolve to defend the changing network perimeter. The perimeter is no longer the organizational firewall, but then at the edge, with your remote users, IoT devices, and applications residing in the cloud.
Zero Trust versus the Traditional Security Model
Zero trust security is gaining more attention in organizations, including Public Sector agencies. Zero trust, as the name suggests, is a cybersecurity model based on removing trust from the network architecture. Access requests from users and devices are continually verified whenever they request access to data or applications. In contrast, the traditional security approach adopted by many government agencies allows users to authenticate once to enter the network before they can freely access resources within. This ‘castle-and-moat’ approach risks lateral movement from attackers, who can access the organization’s crown jewels once they have gained entry.
Securing the Future of Public Sector
Public Sector agencies are accelerating their digital transformation agenda. The adoption of technologies such as hybrid work solutions, mobility, cloud, and IoT are enabling agencies to deliver citizen services more efficiently, collaborate remotely, and stay ahead of mission-critical demands.
While agencies continue to leverage the cloud, pivot towards a hybrid work model or see an explosion of personal and IoT devices, their network environment becomes a lot tougher to secure. Government IT traditionally has been focused on a perimeter-based, defense-in-depth strategy oriented around strengthening the perimeter to keep threats outside. However, today’s network environment is one with users connecting remotely, hybrid workloads, and third-party access requests from partners and vendors. The network is exposed to an expanding attack surface; the assumption that everything within the perimeter can be trusted, no longer holds true.
As the network’s edge expands to include remote users, devices, and cloud applications, organizations need a more proactive security strategy. Consider a zero-trust approach that never implicitly trusts users, whether they are situated within or outside the perimeter. With a zero-trust model, you can secure access across your applications and network, from any user or device, regardless of where they are located.
The Three Pillars of Zero-Trust
Zero trust is not a one-size-fits-all, or out-of-the-box solution. It is a framework that has to be adapted to an organization’s unique needs and network infrastructure. At Cisco, we break in down into three pillars, aligned with the model proposed by Forrester, to simplify design: the workforce, workload and workplace.
You do not need to upend your existing security infrastructure to unlock a zero-trust model. Cisco’s zero-trust solutions seamlessly integrate with your infrastructure, to create a comprehensive security strategy that can secure access across your network and applications, regardless of the user and device, and where they are situated.