March 15, 2020 | By Guy Liberman, Cyber Security Division Manager
How can Zero Trust help organizations fight the implications of coronavirus?
While the world struggles to get a grip on one of the most advanced pandemics, Coronavirus, organizations across all industries are reinstating their business continuity plans (BCP). The outbreak is also compelling organizations to review their disaster recovery (DR) plans (where they exist), and most of the others are working to define an adequate BCP/DR plan.
BCP and DR plans have been on the rise over the last couple of years, but the current outbreak is having a massive impact on business operations. In their risk management process, most organizations generally avoid taking such “once in a generation” risks into account when creating business continuity and mitigation plans. A pandemic along the lines of Coronavirus can now shut down an entire organization or even a country.
At this point, multiple organizations are either taking ad hoc steps to ensure their business continuity or, in the majority of cases, waiting for this to pass. In either case, the risk spans all types of industries: factories, retail stores and corporate offices are shutting down, and supply chain organizations are unable to deliver their services, which is causing a major blocker.
With these major blockers, where does Zero Trust come into play?
Before we delve into the details, let’s understand what Zero Trust means. It is commonly summarized as ‘never trust, always verify’.
The concept does not rely on perimeters or boundaries; instead, anyone and everyone, inside or outside the premises, is considered an adversary unless proven otherwise. The major advantage of this approach is that a system or user located at the office or at home bears the same risk, and different policies help achieve the same level of assurance.
Interestingly, organizations that have implemented the Zero Trust approach can overcome internal policy and regulatory barriers and have the capabilities to handle the ongoing calamity.
Zero Trust rests mainly on the following three key principles, which should be applied throughout an environment:
- Access to resources should be secured regardless of location
- All traffic must be inspected, logged and analyzed
- “Need-to-know” should be managed and strictly enforced
The Cloud Security Alliance (CSA) developed the Software Defined Perimeter (SDP), or “Black Cloud”, to implement a Zero Trust architecture. SDP controls access to resources based on identity and can reduce the overall attack surface, improving business operations and performance and creating a dynamic and scalable environment.
SDP consists of three main components:
- SDP Client – This component goes through device verification and, once verified, initiates the TLS tunnel
- SDP Controller – This component is fundamentally a trust broker that manages authentication and authorization, and is used for session management and status verification
- SDP Gateway – This component provides access to resources and also terminates the TLS session
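A simplified model of the controller and gateway roles listed above, added here as an illustration and not taken from the CSA SDP specification or any product: the controller issues a short-lived, HMAC-signed grant for a single resource, and the gateway denies anything that does not carry one. The key, device inventory, entitlement table and function names are constructed assumptions, and the client's TLS tunnel is not modeled.

```python
import hashlib
import hmac
import json
import time

# All values below are constructed for this example (assumptions, not real data).
CONTROLLER_KEY = b"constructed-demo-key"    # secret shared by controller and gateway
ENROLLED = {"laptop-7f3a": "alice"}         # verified device -> owning user
NEED_TO_KNOW = {"alice": {"payroll-db"}}    # per-user resource entitlements
AUDIT_LOG = []                              # every decision is recorded, allow or deny


def _sign(claims):
    body = json.dumps(claims, sort_keys=True).encode()
    return hmac.new(CONTROLLER_KEY, body, hashlib.sha256).hexdigest()


def controller_authorize(device_id, user, resource, now=None):
    """Controller: check device and need-to-know, then issue a grant for ONE resource."""
    now = time.time() if now is None else now
    ok = ENROLLED.get(device_id) == user and resource in NEED_TO_KNOW.get(user, set())
    AUDIT_LOG.append(("controller", user, device_id, resource, "allow" if ok else "deny"))
    if not ok:
        return None
    claims = {"user": user, "device": device_id, "resource": resource, "exp": now + 300}
    return {"claims": claims, "sig": _sign(claims)}


def gateway_connect(grant, resource, now=None):
    """Gateway: default deny; accept only an unexpired, controller-signed grant."""
    now = time.time() if now is None else now
    ok = (
        grant is not None
        and hmac.compare_digest(grant["sig"], _sign(grant["claims"]))
        and grant["claims"]["resource"] == resource   # grant is bound to one resource
        and grant["claims"]["exp"] > now              # grant is short-lived
    )
    user = grant["claims"]["user"] if grant else "unknown"
    AUDIT_LOG.append(("gateway", user, resource, "allow" if ok else "deny"))
    return ok


if __name__ == "__main__":
    grant = controller_authorize("laptop-7f3a", "alice", "payroll-db")
    print("payroll-db:", gateway_connect(grant, "payroll-db"))
    print("hr-files:  ", gateway_connect(grant, "hr-files"))
    print("no grant:  ", gateway_connect(None, "payroll-db"))
```

Neither function takes a network location as input, so the same decision is reached whether the client sits in the office, at home or in a coffee shop.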
It’s ironic that in times of need, when risk readiness should help organizations keep their businesses moving, most companies are beating around the bush: discussing whether they should allow employees to connect from home, identifying alternatives, and asking how that would enable them to operate in this “perimeter-less” situation.
This is Bob. Bob knows that in this global era of off-network access, the home, the office and the coffee shop pose similar risks to the business. Thus, Bob never trusts and always verifies.
Be more like Bob.
Building an SDP and Zero Trust architecture can thus support multiple ways of managing risk across the entire environment, helping an organization keep its business running normally during such a pandemic.
Stay Safe with TrustNet!