This article appeared recently in The Fast Mode. Written by Gerry Gebel, Vice President of Business Development at Axiomatics.
Before the pandemic, businesses started shifting toward flexible work arrangements, allowing employees to work and collaborate remotely. With employees telecommuting, the number of computers, digital devices and video chats accessing a network perimeter surged. According to Omdia’s preliminary statistics, total internet hits increased by between 50% and 70% under lockdown.
While many businesses are embracing this unusual time to continue their digital transformation initiatives, others have accelerated modernizing their IT infrastructures to fast-track the migration of their data, applications and other key business elements to the cloud.
For example, companies using traditional network technologies like virtual private networks (VPNs) or network access controls (NACs) grant users access to all resources within a network perimeter once their identity is verified. However, if an unauthorized user gains access to an internal network, they may have extensive privilege to information stored across multiple platforms and systems.
As companies become more interconnected, IT teams are implementing a zero trust network access (ZTNA) security model to minimize risk and protect data. In fact, a recent Cybersecurity Insiders report found that 72% of organizations plan to evaluate or implement a zero trust model in 2020.
Moving Beyond Wide Network Perimeters to Zero Trust Network Access
Wide network perimeters worked when a single location stored information and users only accessed the network from known devices. But, as businesses update their IT architecture and priorities shift to support remote employees, adopting a ZTNA philosophy is now imperative.
A zero trust approach assumes all users, from both inside and outside the network, are a potential threat. By leveraging a variety of tools and technologies, businesses establish a designated software perimeter that requires identity verification for each person and device attempting to access information on a private network. With strict controls over each user and device accessing a network, ZTNA establishes precise techniques for permitting network access.
Businesses adopting a zero trust approach must find technologies that follow three principles:
- Least privilege access
- Micro-segmentation
- Multi-factor authentication (MFA)
One technology to consider is Attribute Based Access Control (ABAC), an enterprise-wide access control model that utilizes an unlimited number of attributes to meet ever-evolving security challenges.
Utilizing Context-Aware Technologies to Establish ZTNA
ABAC systems utilize attributes and policies to set the rules for admission. ABAC systems also follow multiple zero trust approaches to ensure zero trust principles do not cause any user access disruptions.
For instance, ABAC technologies apply the principle of least privilege by leveraging additional context attributes like risk score, device information, user location and more, to ensure only authorized users have access to specific resources. With an ABAC approach, businesses use various data sets and user characteristics to build powerful, fine-grained policies that ensure the right access control is administered dynamically at run time.
ABAC systems follow micro-segmentation protocols by allowing assignments of security policies at the workload level, all the way up to data center applications. Policies are a direct reflection of business requirements and specify which information sets users can access. Companies can model simple and complex data access policies that eliminate the security vulnerabilities of a wide network perimeter.
Additionally, ABAC technologies can redirect users to a Multi-Factor Authentication (MFA) system. As a result, users go through a stronger authentication step before they access a piece of data or application.
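To make the decision logic of the preceding paragraphs concrete, here is an added Python example of a small policy decision point (PDP). It is not code from the article or from Axiomatics; the attribute names, the hypothetical "payroll" resource and the risk-score thresholds are all assumptions. It shows deny-by-default, context attributes (role, location, device state, risk score) driving a least-privilege decision, and a Permit that carries a step-up MFA obligation for the enforcement point to honour before releasing the resource.

```python
"""Toy attribute based access control (ABAC) policy decision point.
Constructed example: the attribute names, the 'payroll' resource and the
risk-score thresholds are assumptions, not from the article."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

Attributes = Dict[str, object]  # subject, resource and environment attributes in one bag


@dataclass
class Decision:
    effect: str                                           # "Permit" or "Deny"
    obligations: List[str] = field(default_factory=list)  # e.g. ["step_up_mfa"]
    reason: str = ""


@dataclass
class Rule:
    name: str
    condition: Callable[[Attributes], bool]  # evaluated against the request attributes
    effect: str                              # "Permit" or "Deny"
    obligations: List[str] = field(default_factory=list)


def evaluate(rules: List[Rule], ctx: Attributes) -> Decision:
    """Deny-overrides combining (as in XACML): any matching Deny rule wins,
    otherwise the first matching Permit applies, otherwise the default is Deny.
    A rule that references an attribute the request lacks makes the whole
    decision Deny, so an incomplete context can never widen access."""
    permit: Optional[Decision] = None
    for rule in rules:
        try:
            matched = rule.condition(ctx)
        except KeyError as missing:
            return Decision("Deny", [], f"attribute {missing} missing for rule {rule.name}")
        if not matched:
            continue
        if rule.effect == "Deny":
            return Decision("Deny", [], f"denied by rule {rule.name}")
        if permit is None:
            permit = Decision("Permit", list(rule.obligations), f"permitted by rule {rule.name}")
    return permit or Decision("Deny", [], "no rule permitted the request (default deny)")


def request(role: str, resource: str, location: str, risk_score: int, device_managed: bool) -> Attributes:
    """Build the attribute bag an enforcement point would hand to the PDP."""
    return {"role": role, "resource": resource, "location": location,
            "risk_score": risk_score, "device_managed": device_managed}


# Constructed policy for a hypothetical payroll application. Deny rules come first
# for readability; the combining algorithm makes them win regardless of order.
PAYROLL_RULES: List[Rule] = [
    Rule("deny_high_risk", lambda c: c["risk_score"] >= 80, "Deny"),
    Rule("deny_unmanaged_device", lambda c: not c["device_managed"], "Deny"),
    # Low-risk HR user in the office: plain permit.
    Rule("hr_office_low_risk",
         lambda c: c["role"] == "hr" and c["resource"] == "payroll"
         and c["location"] == "office" and c["risk_score"] < 40,
         "Permit"),
    # Any other HR access to payroll (remote, or elevated but not blocking risk):
    # permit, but oblige the enforcement point to run step-up MFA first.
    Rule("hr_step_up_mfa",
         lambda c: c["role"] == "hr" and c["resource"] == "payroll",
         "Permit", ["step_up_mfa"]),
]


if __name__ == "__main__":
    for ctx in (request("hr", "payroll", "office", 10, True),
                request("hr", "payroll", "home", 10, True),
                request("hr", "payroll", "office", 55, True),
                request("hr", "payroll", "home", 85, True),
                request("engineer", "payroll", "office", 10, True)):
        d = evaluate(PAYROLL_RULES, ctx)
        print(f"{ctx['role']:8} {ctx['location']:6} risk={ctx['risk_score']:3} "
              f"-> {d.effect} {d.obligations} ({d.reason})")
```

The design choice worth noting is that the PDP never returns "Permit" on its own authority for the step-up case: it returns the obligation, and the enforcement point must complete the MFA challenge before forwarding the request. Missing attributes fail closed, so a client that omits its device or risk context gets less access, not more.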
Combining context-aware technologies creates a zero trust network perimeter and solves complex access control scenarios to ensure unauthorized users can’t access business-critical information.
Reaping the Rewards of Zero Trust
By leveraging ABAC and flexible MFA technologies as part of a zero trust model, businesses rely on multiple, diverse factors to validate an incoming user. As a result, organizations facilitate explicit data access.
ABAC, as another example, can utilize device information, location of the user and their risk score while MFA authenticates the user’s identity. This approach allows workers to safely access information remotely utilizing context-aware authorization and authentication.
Also, because these systems validate the user, device, location and so many other factors before granting access to exact business resources, companies greatly minimize the risk of unauthorized access and other outside threats.
As access control scenarios become increasingly complex, ABAC technologies quickly adapt to ensure only authorized users have access to the appropriate information under the right circumstance, even in the most complicated situations.
As commercial businesses expand their IT infrastructure across multiple, disparate platforms, VPNs and NACs will leave companies defenseless in distributed IT environments. Instead, organizations must merge technologies to adopt a zero trust model and protect individual business resources within an internal network.