Network Perimeter – The Wall is Coming Down. The Digital Revolution is driving an unprecedented level of connectivity outside the traditional Enterprise Network. Here are some examples that illustrate the point:
The Digital Age Challenge. In the Digital Age, identifying and protecting a static network perimeter is virtually impossible. Not surprisingly, per the 2018 Verizon Data Breach Report, the breach count continues to be sizable. To make things worse, 68% of intrusions studied by Verizon went undetected for months. The point is that bad actors are in the network whether or not you’ve detected them.
What’s the Problem? Traditionally, interactions with the network have occurred through local area networks (LANs) and wide area networks (WANs). Security in this environment is focused on protecting a perimeter with firewalls, network access controls, and virtual private networks (VPNs). Once a user or device gains access to the network, it is trusted to go anywhere inside the network perimeter. A classic attack pattern is to gain network access, then move laterally toward the intended target; phishing attacks and insider threats follow this pattern.
The concept of protecting a static, secure network perimeter is ineffective for the modern digital environment. With the growth in cloud and mobile applications, and the proliferation of connected devices, the network perimeter is very dynamic.
To overcome the challenge, a different paradigm has emerged based upon Zero Trust.
Zero Trust – There Is No Inside. Zero Trust is a paradigm shift from “trust, but verify” to “never trust, always verify”. The foundational thought is that there is no “inside the network”, meaning there is no safe boundary. The entire network is assumed to be compromised and hostile. In this paradigm, every user and device is equally untrusted. Each request for access to a resource or to data is evaluated to establish trust before access is granted.
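To make the contrast concrete, here is an added illustration (not code from the original post or from ADI) of the two decision models side by side. The perimeter model grants access on network location alone, so anything that reaches the LAN can move laterally; the Zero Trust model ignores location and evaluates every request on presented identity, device attestation and a least-privilege policy. The address range, the HMAC-signed token standing in for an identity-provider credential, the `device_attested` flag, and the users, roles and policy table are all constructed assumptions for the example.

```python
"""Perimeter trust vs. Zero Trust: an illustrative access-decision example.

Added illustration, not code from the original post or from ADI. Names,
secrets and the policy table are constructed for the example.
"""
from dataclasses import dataclass
import hashlib
import hmac
import ipaddress

# Constructed "inside the firewall" address range used by the perimeter model.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")

# Constructed shared secret an identity provider would use to sign tokens.
# HMAC here stands in for a verifiable credential; in a real deployment the
# identity would be rooted in hardware and issued by an IdP.
IDP_SECRET = b"constructed-demo-secret"

# Constructed least-privilege policy: role -> set of (resource, action) allowed.
ROLE_POLICY = {
    "engineer": {("design-db", "read")},
    "admin": {("design-db", "read"), ("design-db", "write")},
}
USER_ROLE = {"alice": "engineer", "bob": "admin"}


@dataclass(frozen=True)
class Request:
    src_ip: str
    resource: str
    action: str
    user: str = ""
    device_id: str = ""
    token: str = ""                # credential presented with the request
    device_attested: bool = False  # device posture claim, e.g. from a hardware root of trust


def issue_token(user: str, device_id: str) -> str:
    """Stand-in for an identity provider binding a user to a device."""
    msg = f"{user}|{device_id}".encode()
    return hmac.new(IDP_SECRET, msg, hashlib.sha256).hexdigest()


def perimeter_decision(req: Request) -> bool:
    """Classic model: once inside the LAN, a request is trusted everywhere.

    Location is the only signal, so a phished account or an insider that
    reaches the network can move laterally to any resource.
    """
    return ipaddress.ip_address(req.src_ip) in INTERNAL_NET


def zero_trust_decision(req: Request) -> tuple[bool, str]:
    """Never trust, always verify: every request is evaluated on its own.

    Network location is deliberately not consulted. Returns (allowed, reason)
    so the reason can be logged for detection and audit.
    """
    if not req.user or not req.token:
        return False, "no identity presented"
    expected = issue_token(req.user, req.device_id)
    if not hmac.compare_digest(expected, req.token):
        return False, "credential failed verification"
    if not req.device_attested:
        return False, "device not attested"
    role = USER_ROLE.get(req.user)
    if role is None:
        return False, "unknown user"
    if (req.resource, req.action) not in ROLE_POLICY.get(role, set()):
        return False, f"role {role} not permitted {req.action} on {req.resource}"
    return True, "verified identity, device and policy"


def compare(req: Request) -> dict:
    """Run both models on one request, for side-by-side comparison."""
    allowed, reason = zero_trust_decision(req)
    return {"perimeter": perimeter_decision(req), "zero_trust": allowed, "reason": reason}


if __name__ == "__main__":
    # Constructed scenarios: an unauthenticated request from inside the LAN,
    # and a fully verified user connecting from outside it.
    insider = Request("10.1.2.3", "design-db", "write")
    remote_alice = Request("203.0.113.7", "design-db", "read", "alice", "laptop-1",
                           issue_token("alice", "laptop-1"), True)
    for name, r in [("insider", insider), ("remote alice", remote_alice)]:
        print(name, compare(r))
```

The design point is that `zero_trust_decision` never reads `src_ip`: a request from the LAN with no credential is denied, while a verified user on an attested device is allowed from anywhere, but only for the actions the policy grants that role. Returning a reason alongside the decision gives the security operations team something to alert on, which matters given the post’s observation that intrusions often go undetected for months.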
Making the Shift to Zero Trust. Changing the paradigm to execute Zero Trust takes time. In a previous post, I recommended focusing on the “protect surface”, an organization’s most vital functions and assets. This advice applies to implementing Zero Trust; start with the “crown jewels”.
There are four fundamental tenets to apply while implementing Zero Trust:
Any cybersecurity solution being evaluated or implemented should support these four tenets.
Six Must-Haves for a Secure Edge. Securing the edge device is the best way to anchor a chain of trust that supports a Zero Trust paradigm. There are six crucial elements to secure the edge:
Making Trade-offs – Edge Performance vs. Security. Security isn’t free. Implementing security at an end point may require adding size and weight, drawing power away from other functions, and potentially adding cost. The answer to where to add security, and how much security to add, depends upon the performance requirements of the application and the level of security required.
Figure 1 provides a way to think about it. The end point’s size, weight and power are more constrained than the cloud’s, leaving less capacity for security. At the same time, the end point has less to secure, which makes it well suited to strong security. This is why it is so important to think about cybersecurity from a systems perspective. The answer to where and how much security to add may change in the context of trade-offs within the system. As a general concept, the goal is to secure the end point where it matters most, and to move security away from the end point when that makes sense.
Figure 1. Edge to Cloud Trade-offs – The end point’s size, weight and power are more constrained than the cloud’s, and it has less to secure. Simple (less to secure) is better for cybersecurity.
Adoption – Not So Fast. The concept of Zero Trust was introduced by Forrester Research in 2005. Although the concept has been around for over a decade, adoption hasn’t been universally embraced. The level of adoption hinges on recognizing the benefit over the perceived higher cost of implementing Zero Trust.
Implications. Adoption of a Zero Trust approach should accelerate as the lack of a defendable network perimeter amplifies cyber risk to a level well above what is acceptable to most organizations. This will tilt the cost-benefit analysis in favor of shifting to the Zero Trust paradigm. In the Digital Age, Zero Trust is a better way.
Our team at ADI is implementing solutions that secure the edge and provide a trust flow based upon identity rooted in hardware and authentication. Securing the edge is a game changer. Designing in the six cybersecurity must-haves is instrumental in securing the edge and enabling organizations to accelerate the pace of Digital Transformation.
What Market Voices Are Saying. In the 2018 PwC Digital Trust Insights Survey of 3,000 business leaders, “81% of respondents say IoT is critical to at least some of their business. Only 39%, however, say they are very confident they are building sufficient “digital trust” controls— security, privacy and data ethics—into their adoption of IoT”.
Shout Out to a Digital Freedom Fighter. To our Deterministic Ethernet and Cybersecurity Engineering Teams working on solutions to drive Ethernet to the edge, securely.