The enterprise network security model as we know it has no future. Networks are now under continual attack and traditional security models are proving to be indefensible.
Recent high-profile ransomware attacks on Colonial Pipeline, the Irish healthcare system, Kaseya and the operators of rail-ticket machines in northern Europe are just the tip of a gigantic iceberg. According to one recent estimate, there were 65,000 attacks last year—that we know about. We can only guess at the true scale of the problem. For every attack that gets reported, there are many others that anxious organizations would rather their shareholders and customers did not know about.
Imagine you were in charge of security at a sports stadium and you let everyone take their seat before checking their tickets. Pure madness would likely result; spectators would flood the stadium with fake tickets and attempt to claim a seat. That’s how today’s enterprise networks have been designed. That was all right when everyone on the network sat in the same building and connected via a local hard-wired connection through a firewall in the data center with a locked-down corporate device that never left the building. It was almost fine when you only had to worry about the connections between your branches and the head office. In today’s hyper-connected world with staff who can be anywhere; customers, partners, remote devices, edge locations and millions of entry points, assuming that everyone and everything on the network is authorized to be there is definitely not OK.
For most organizations today, the network boundary is fluid and constantly moving. Protecting this sprawling, constantly evolving mobile ecosystem is extremely difficult, to say the least. In fact, it’s impossible as long as you focus only on trying to fortify the network by bolting on an increasing number of devices and piecemeal “solutions.” This is a recipe for disaster–and the bad actors will break through those defenses.
Key Strategic Criteria
The solution is, instead, to focus on building applications that are secure by design, with zero-trust security baked-in rather than bolted-on. This is one of the three key strategic criteria we see for forward-looking enterprises that are accelerating the security of their applications.
Make applications secure by design – zero-trust is now the recommended security model.
Embrace tools that enable agility and efficiency and eliminate complexity.
Embrace open source for future-proofing, maximum visibility and to avoid proprietary lock-in.
Integrating security and the WAN is the next wave in network architecture. That means embedding zero-trust and access management capabilities in applications.
Zero-trust, to continue with the sporting event analogy, requires ticket checks before fans reach the stadium; it determines if they are authentic fans and therefore whether they can enter, where they can go once they’re inside the venue and which events they can watch. Zero-trust uses context as well as identity to authenticate users, and it enables policies that permit access only within a certain time window, a particular network segment or to a specific application. It removes the element of implicit trust that is so easily exploited, whether deliberately by bad actors or accidentally by careless users.
Zero-Trust Network Security
Despite the ten years that passed since the phrase was coined, enterprises are only now beginning to put zero-trust at the heart of their security strategies, but the surge in cybersecurity incidents during the pandemic and the growing wave of ransomware attacks are prompting many to move beyond strategic conversations to implementation. Governments, concerned by the potentially devastating impact of public sector attacks are leading the way.
The UK government has promised as-yet unspecified measures to tackle the ransomware threat. In the U.S. in May, President Joe Biden issued an executive order instructing federal agencies to publish zero-trust adoption plans within 90 days.
Such initiatives remind enterprises of all kinds of the urgent need to adopt zero-trust and secure access service edge (SASE) principles, but because these are security frameworks rather than specifications or industry standards the question remains how soon and how well they will make the transition from concept to reality.
In the real world of application development, it’s no surprise that insecure applications make it into production. When developers are under pressure, the security and network teams may be left out of the loop, only discovering problems when it’s too late.
Effective security tools must enable developers to embed the following zero-trust elements:
Establishing identities with private key/public key cryptography, biometrics and root-of-trust solutions
Authenticate before connect – Prevents unauthenticated entities from gaining network access
Least-privilege access – Each authenticated, authorized app is granted its own ephemeral connection, accessing only what it needs to access. All of this is policy-based and under the complete control of the customer
Micro-segmentation – Each app can only access what it requires and is logically isolated from every other session. If an app session is breached, then that breach can’t be used to attack laterally through the business WAN
Embedding zero-trust security not only provides obvious benefits in protecting data and minimizing the network attack surface. For commercial developers, the ability to bake in security to their applications provides another level of competitive differentiation. As the focus shifts from network to application, expect to see application-level security become a core requirement for buyers of cloud-based SaaS products. Unauthorized software purchases may still be a headache, but if SaaS providers integrate security with their applications the security risks posed by shadow IT will be if not eliminated, at least reduced.
Cloud providers are beginning to evolve their own network services beyond traditional VPN and MPLS-based offerings. For example, Oracle recently partnered with NetFoundry to make it easier for ISVs and enterprise developers to make their products secure and cloud-ready by design when hosted in Oracle Cloud Infrastructure (OCI).
The third consideration for developers is to stop shipping black box solutions and provide the open source tools (API, SDK) customers need to take full control of their environments; for example, by embracing Kubernetes for containerized applications and Ziti SDKs for building private, programmable networking into applications.
Zero-trust can take months to deploy, necessitating client and server-side changes as well as new infrastructure. A server-side alternative is to provide zero-trust capability from containers/VMs running on an application server or adjacent machine. The server is dark to networks and the software-only deployment requires no further infrastructure, firewall reconfiguration or nail-up VPNs.
The increasing pace and ferocity of such attacks, as the recent U.S. government initiative illustrates, has finally brought home the message that we need to stop talking about zero-trust and start deploying it. Security is too important to bolt on–and in an era when the enterprise WAN is an ever-expanding attack surface, you can’t afford to leave security to the network.