Zero trust

Five ways to implement zero-trust based on NSA’s latest guidance

Five zero-trust tips

(Stock Photo, Getty Images)

Organizations across all industries experienced a surge of ransomware attacks last year as cybercriminals extracted  $1.1 billion in payments from victims. To thwart these bad actors and improve network security, the National Security Agency (NSA) released a new cybersecurity information sheet: “Advancing Zero-Trust Maturity Throughout the Network and Environment Pillar.” 

As the creator of zero-trust, I’m pleased to see the NSA’s document emphasizes a paramount, yet frequently overlooked element of zero-trust security: segmentation.

I have long advocated that segmentation stands as the fundamental essence of zero-trust. However, in recent years, there has been a noticeable tilt toward the Identity pillar of zero-trust, leaving network security controls vulnerable both on-premises and in the cloud.

As the attack surface expands and the digital landscape grows increasingly interconnected, segmentation of on-premise networks, cloud, multi-cloud, and hybrid environments becomes imperative for organizations to fortify resilience and establish enduring zero-trust architectures.

The NSA also recognizes the importance of "data flow mapping." Flow mapping has been a focal point of my zero-trust advocacy since its early days. Understanding system interconnections is essential for successfully architecting zero-trust environments.

NSA’s document also underscores the significance of network security technologies in establishing a zero-trust environment. Organizations, whether on-premise or in various cloud environments have largely overlooked the importance of network security controls. I think of network security as the cornerstone of zero-trust, particularly in combating ransomware attacks that jeopardize essential services and disrupt everyday life.

The NSA has reaffirmed this pivotal role of network security, finally granting zero-trust segmentation (ZTS) the recognition it deserves. This guidance should help organizations comprehend the importance of the Network pillar within zero-trust and encourage them to pursue network security technologies as they progress toward implementing a zero-trust architecture.

What lies ahead for zero-trust

As global connectivity grows, the attack surface expands. That’s why it’s imperative for organizations to delineate, map, and fortify their most critical Protect Surfaces within their zero-trust environments.

I hope the NSA’s recommendations convince more organizations to implement zero-trust as they cope with the ever-changing cybersecurity landscape. These zero-trust principles have become mainstream across various industries and organizations of different sizes. As cyber threats evolve, more companies will recognize the need to implement a zero-trust approach to protect their digital assets.

Here are my recommendations for how to implement zero-trust effectively:

  • Deploy continuous authentication: Stop relying on traditional security models focused on perimeter defense and static authentication methods— they are outdated and ineffective. Zero-trust emphasizes continuous authentication and authorization. In the future, this could involve more advanced biometric authentication, behavior analytics, and machine learning algorithms to assess and adapt to risks continuously.
  • Integrate with cloud and edge computing: With the rising adoption of cloud and edge computing, integrate zero-trust principles across these distributed architectures while also exploring how to utilize cloud-native security solutions.
  • Embrace API-centric security: With the growing prevalence of microservices and API-driven architectures, zero-trust principles extend beyond traditional network boundaries to secure interactions between services and APIs. That could involve implementing granular access controls, encryption, and authentication mechanisms for API communication.
  • Balance security with privacy considerations: Because privacy implications are scrutinized more closely, zero-trust implementation will need to balance security requirements with privacy concerns to ensure the enforcement of access controls without compromising individual privacy rights.
  • Align with data protection regs: Teams must ensure their zero-trust implementations align with data protection regulations such as GDPR and CCPA, which could potentially require additional safeguards to protect sensitive data and demonstrate compliance.

    • I commend the NSA for issuing its latest guidance because it’s a significant endorsement of the effectiveness and significance of ZTS, offering invaluable guidance for organizations seeking to fortify their cyber resilience amid the ever-changing threat landscape. It’s impossible to prevent all cyberattacks, but implementing a zero-trust model will significantly reduce the potential damage and strengthen any organization’s security posture.

    John Kindervag, chief evangelist, Illumio

    Related

    Investment round pulls in $37.5M for Portnox

    SiliconAngle reports that Texas-based network security startup Portnox has procured $37.5 million from a Series B funding round, bringing total investment to $59.5 million, with the newly obtained funds to be allocated toward strengthening its cloud-based zero-trust access control solutions and its penetration of additional markets.

    Related Events

    Get daily email updates

    SC Media's daily must-read of the most current and pressing daily news

    By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

    Related Terms

    Asymmetric Warfare

    You can skip this ad in 5 seconds