By Gee Rittenhouse, CEO, Skyhigh Security
It’s time to adopt a zero-trust approach. Organizations in all sectors are adopting the hybrid workforce model, and this is forcing a shift in cybersecurity practices. Employees, contractors and other third parties demand rapid and secure access to the web, cloud and private applications to support global collaboration transparently and without disruption.
It’s no longer network security as usual. Traditional or perimeter network security mainly concerns itself with keeping attackers out of the network with technologies like firewalls, VPNs, access controls, intrusion detection systems (IDS), intrusion prevention systems (IPS), security information and event management (SIEM) and email gateways. Now that remote work and the widespread use of cloud apps and services are the common workforce model, perimeter security is rendered nearly obsolete.
One of the most important steps you can take to secure your entire hybrid estate is to implement a zero-trust architecture, which is based on the tenet of “never trust, always verify.” Zero trust challenges the users and devices to prove they are authorized to access resources, even if they are within the walls of the network perimeter. In other words, zero trust treats all traffic as potentially hostile until the identity of the device or user is authenticated according to a strict set of criteria.
To properly and fully protect your evolving hybrid environment, you need to implement a zero-trust architecture, which includes cloud-native security and an understanding of the limitations of network perimeter security. Let’s look at some of the ways you can benefit from this approach:
- Shrink the attack surface: Your users connect directly to SaaS or private apps and other resources they need to do their jobs, but less frequently to the network. As such, there’s little risk of lateral attacks or compromised devices infecting other resources, but still a risk of data being exfiltrated. By diminishing the attack surface, zero trust curtails the impact and severity of attacks, which reduces the time and costs associated with response and remediation.
- Improve threat detection: All data-sharing and data-access activity must be continually monitored and compared to baselines built on analytics and historical trends to identify anomalous behavior and traffic. With this combination of user behavior monitoring, granular policies and rules, and security analytics, you’ll find it easier to discover internal and external threats.
- Prevent data breaches: Since everything in zero trust is assumed to be risky, every access request is inspected and authenticated before “trust” is granted. Even when trust is established, it’s continually reassessed in terms of context, such as changes in the user’s location or the type of data that is being accessed. A zero-trust model or architecture provides secure access to everything and everyone.
- Reduce business risk: Zero trust provides better visibility and control over what and who is on your network—users, devices, components and workloads—and how they are communicating. It also enables you to manage and enforce data protection and web access policy company-wide.
The ideal solution for a zero-trust architecture is a unified Security Service Edge (SSE) architecture that converges and integrates data and threat protection technologies and acceptable use control across private apps, shadow IT, SaaS apps and web traffic. The most comprehensive single-vendor SSE solutions bring together a cloud access security broker (CASB), secure web gateway (SWG) and zero trust network access (ZTNA). SSE provides you with visibility across your infrastructure, making it easy to create, manage and enforce policies in one place.
The right SSE also gives you powerful, cloud-native protection for any device anywhere—whether managed and agent-based or personal and agentless. A truly effective, data-aware SSE integrates data loss prevention (DLP) scanning, antimalware technology and remote browser isolation (RBI)—an ideal trio for protecting the internal and remote workforce.
SSE also provides a single-pane-of-glass management platform that enables you to apply unified policies across cloud platforms, endpoints, the web, SaaS and private apps, regardless of whether your data is at rest or in motion. Consistent policy is applied corporate-wide and moves with the user and data instead of being tied to each access technology.
Now is the time to level up your cybersecurity approach and meet the future of digital transformation confidently.
About the Author
Gee Rittenhouse is the CEO of Skyhigh Security. Gee is a recognized innovation leader whose passion is creating technology solutions that empower people. Gee joined Skyhigh Security in January 2022 to help organizations thrive by providing a simpler way to secure their data. Before stepping into the role of CEO, Gee was the Senior Vice President and General Manager of Cisco’s Security Business Group and previously served as Vice President and General Manager of Cisco’s Cloud and Virtualization Group, helping shape the company’s cloud and virtualization strategy. Before Cisco, Gee was President of Bell Labs, famous for its Nobel Prize-winning innovations.
As a technology thought leader and veteran in the security industry, he has published numerous articles, holds more than a dozen patents, and has appeared before the U.S. Congress, U.S. FCC, European Presidential Commission, and World Economic Forum. Gee has a Ph.D. degree in electrical engineering and computer science from the Massachusetts Institute of Technology.