Adapt to Network Changes with Zero Trust

internet cyber security picture id493711864
iStock

The old saying, "change is good," doesn't necessarily apply to network security. It's much easier to secure a network where nothing changes. Unfortunately, that's not the reality of business today.  Most enterprise networks are in a state of continuous evolution, driven by advances in technology, changes in business objectives, and a radical shift in where and how employees access the network. Although many business changes may be planned, unexpected changes can happen anytime. The impact of COVID-19 on the plans of the typical enterprise is a case in point.

After the initial rush to transition from an in-office workforce to one that could operate remotely, many organizations accelerated their plans to transition applications to the cloud. The pandemic turned out to be a unique opportunity to see if remote work was viable. At many organizations, remote workers have remained productive (or been more productive) and want to continue working from home, so some businesses have decreased their fixed costs by introducing hybrid work models that reduce the need for expensive real estate.

Hybrid employees work from both office and remote locations on a regular basis, which means they are often outside a “safe” or trusted in-office environment. People and devices are constantly joining and leaving networks and accessing different areas. And all of it needs to be secure.

Every company would love to have an agile, resilient network with an infrastructure that can quickly adapt to business needs without outages or security breaches. But making network changes can be risky. Even something small like adding a firewall rule or provisioning a new rack can lead to problems. More than half of network outages are caused by configuration changes, so changes need to be incorporated carefully, and automation should be approached even more cautiously.

Adapt to Changes

The number of applications running on networks continues to increase alongside the growth in remote work. As a result, traffic patterns are more variable, and applications that are latency- or jitter-sensitive can be disrupted by a burst of traffic to another application. Server or memory bottlenecks may occur, which also affects the user experience. For example, even small network issues can lead to quality problems in video meetings.

Recently, a survey from Fortinet surveyed 472 cybersecurity professionals and business leaders worldwide to learn about their attitudes about zero trust and their implementation progress. Respondents cited the ability to "quickly adapt to rapidly evolving network changes” as one of their top reasons for adopting zero trust, along with the need to provide security across the attack surface and improve the remote work experience.

Remote employees and devices are essentially an "edge of one," which requires edge security akin to a (very small) branch office. When employees are working at home, they generally connect through potentially vulnerable home networks that may include connections to poorly secured IoT devices and other hacker pathways. And when they travel, their devices and applications are not protected behind a firewall, exposing them to unsafe networks. Even in the office, employees may be subject to threats on corporate networks and attacks that exploit their authorized connection to the network.

Zero Trust Can Help

Zero trust can help organizations improve network agility. They need to implement both zero-trust access (ZTA) and zero-trust network access (ZTNA) to identify and classify all of the users and devices that seek network and application access, assess their state of compliance with internal security policies, automatically assign them to zones of control, and continuously monitor them, both on and off the network.

Laptops need to be fully secured with technology that can dynamically harden the system and block cyberattacks. All devices also need to support the inspection of operations to identify anomalous activity, the investigation of potential incidents, and the containment of attacks in progress—including the ability to roll back changes made by malware, such as ransomware.

Critical applications and data also need to be protected, whether they are in the cloud or on-premises. ZTNA restricts user access, permitting access only to those users in allowed roles. Individuals are only given access to applications once they have proven their identity and verified that the device they are using is safe. This level of control isn't dependent on location. It applies no matter where someone is working from and no matter where the applications are hosted. ZTNA also isn't a one-time event; it verifies users and devices for every application session.

Taking a platform approach to zero-trust can simplify matters further. Implementation is easier if the solutions and products are integrated because that makes them simpler to deploy, configure, and maintain. A cybersecurity mesh platform is a collection of products that are designed to work together, share information, and even take automated actions. If you select a platform with an open ecosystem, you can have a wide variety of vendors across the solution.

Changes Will Continue

Changing patterns of data traffic create new challenges for corporate networks. More data than ever is moving in multiple directions both within the organization and beyond it in the cloud. Securing users and data in such a rapidly changing environment requires zero trust that is integrated as part of a platform of integrated security solutions to deliver proactive, integrated, and context-aware security and threat intelligence to protect distributed networks no matter how much change the business requires.

Learn more about Zero Trust solutions from Fortinet that enable organizations to see and control all devices, users, and applications across the entire network.

Related:

Copyright © 2022 IDG Communications, Inc.