Zero trust has gone mainstream. Everyone’s either promoting the concept, offering solutions to address the challenge, or just wanting to understand what it’s all about. And that’s the trouble: it means different things to different people, especially the word “trust,” which is a loaded term in security.
Just as we don’t trust hackers and cybercriminals, we do want to trust our employees, contractors, and business partners, don’t we? How do we succeed in business, after all, without trusting our users and guests to seamlessly access our data and resources?
That’s actually where zero trust comes in. We permit users to access the resources they need to get their jobs done. We try to stay out of our users’ way when we can. And we don’t do so blindly. We put safeguards in place to make sure users don’t leverage their access for wrongdoing, and that outsiders don’t usurp that access to carry out attacks.
As discussed on a recent security podcast, while zero trust is not new, it is now moving from the realm of hype to a pragmatic, accepted standard. In fact, Cisco was recently named a leader in the 2019 Forrester Zero Trust Wave.
Don’t let just anyone into your home…
Think of it this way. We choose to let certain visitors into our homes, but we don’t let just anybody in. We make sure we know them first, or that they can prove they’re from the plumbing company we called, for example.
We have security cameras so we can watch what people are doing when they approach our home and door. We have locks on our doors, and fences and gates around our yards, so we can decide who gets in and out. And when people do come in, we often confine them to certain areas of the house.
In a nutshell, that’s what zero trust is for our computing environments. It’s a comprehensive approach to securing access across your networks, applications, and infrastructure – including access from users, computers, phones, IoT devices, cloud applications, and more.
Amidst today’s complex computing environment, security teams are losing visibility into and control over who and what is accessing their networks and data. According to our 2020 CISO Benchmark Report, 52 percent of respondents find mobile devices very or extremely challenging to defend. And, 52 percent also said that it is very or extremely challenging to secure data stored in the public cloud.
Traditional security solutions were based on the concept of a finite network perimeter. But with the evolution of today’s workplace, the perimeter has changed due to the introduction of technologies like cloud, mobile, and the internet of things (IoT). We can no longer base security on the location from which an access request originates – because today’s users and devices are everywhere.
Cisco Zero Trust
By verifying the validity of every access request, no matter which user, location, and device it comes from, zero trust ensures that only the right users and devices get access, and that attackers cannot move laterally across the network. However, not all zero trust models are created equal.
Some zero trust solutions focus on just one component of your ecosystem, while Cisco Zero Trust offers comprehensive security across your workforce, workloads, and workplace, and dynamically adjusts to address new levels of risk. Cisco also extends zero trust across our security portfolio, and to third-party technologies, to enhance visibility and policy enforcement across your entire infrastructure.
In other words, your home security measures can protect your house and yard, but can they also secure the people, appliances, and other objects in and around your home?
Cisco Zero Trust video
Main components of Cisco Zero Trust
Zero trust is a framework and way of doing security, versus a single product or solution. That’s why vendors who want to sell you a single product to solve your zero trust challenges should be looked at with suspicion. Zero trust takes the precise coordination of people, processes, and technology to do it right. The key pillars of Cisco’s zero trust strategy include the following:
Secure your workforce
Duo Security secures your workforce, ensuring that only the right users and devices can access applications. It helps protect your users and their devices against stolen credentials, phishing, and other identity-based attacks. And, it verifies users’ identities and establishes device trust before granting access to applications – from any location.
According to Vivian Ho, Software Engineer at Lyft, “My team’s main objective is to design and build tools and services that help keep Lyft’s infrastructure and data safe, and we believe Duo is a trusted partner in this journey…we see Duo serving as a core technology building block to enable our zero trust security philosophy.”
Protect your workload
Cisco Tetration protects your workloads, securing all connections within your applications across data centers and multi-cloud environments. It contains breaches and minimizes lateral movement through application micro-segmentation.
“Tetration gives me 20/20 vision in the data center,” said Eugene Pretorius, CIO of Infrastructure and Security at First National Bank. “It’s the only tool in the world that can show what is happening across the network, application, and server planes all on one screen.”
Defend your workplace
Cisco SD-Access segments your workplace, securing user and device connections across your network, including for IoT devices like cameras, manufacturing equipment, heart pumps, and more.
“With Cisco SD-Access, we can automate and apply segmentation and security policies to our network devices up to 10 times faster than before,” said Frank Weiler, who heads up the networking department for the City of Luxembourg.
Cisco SecureX – A platform approach to zero trust
The above technologies work together, and with other Cisco and third-party technologies, through our platform approach to security – SecureX. Today’s security professionals can no longer get by with siloed technologies. With SecureX, the whole is greater than the sum of its parts as multiple security technologies are integrated to share information and work together as a team. Ninety-five percent of customers say SecureX is valuable for helping them take action and remediate threats.
Much like the security sensors on the windows in your home can trigger an alarm, which alerts your home security provider, who can call the police – SecureX seamlessly unifies visibility, enables automation, and strengthens security across network, endpoint, cloud, and applications. It’s all about greater simplicity and better security.
At the heart of our platform approach is the belief that security solutions should learn from one another and respond as a coordinated unit. And, that security should be built in versus bolted on, making it more holistic and effective. With this kind of strategy, implementing zero trust becomes less of a manual, onerous process, and more of an invisible, yet powerful means of protecting your environment – reducing the attack surface and accelerating incident response.