Zero trust use cases for maximizing security
As a new way of thinking about the IT environment, zero trust centers on the concept that no user, device or connection is trusted by default. The zero trust framework requires continuous, dynamic authentication and authorization of every connection request. This strengthens security both by preventing unauthorized external access and by limiting lateral movement once an intruder is inside.
Building security defenses based on static, network-based perimeters is no longer effective in today’s world; with zero trust, you’re securing assets, users and resources instead of relying on network defenses.
While zero trust use cases vary from one organization to the next, three examples include globally distributed teams, multi-cloud and cloud-to-cloud connections, and non-employee identities.
Globally distributed teams (remote workers)
An organization often has multiple satellite offices and remote employees that connect to a central headquarters. Because these teams and employees are remote, many organizations use cloud resources and applications to connect them. Since these resources sit outside the traditional network, legacy security tools and processes are not very effective. Some companies enable remote workers and locations to reach resources using a VPN (virtual private network) or virtual desktop infrastructure.
However, these options often prove inefficient and burdensome. Zero trust does not require users to connect to the corporate network before accessing cloud resources. Instead, understanding the identity of the user and the device is what is needed to make sure access is secure and appropriate.
Multi-cloud and cloud-to-cloud connections
Multi-cloud and cloud-to-cloud connections occur when an organization has a cloud service or compute resource, acting under its own identity, access another cloud resource to do work. Since this communication does not traverse the main network and stays “in the cloud,” a secure and governed access policy for the cloud identity is critical to prevent a bad actor from taking it over and using it to access other cloud resources.
One big challenge is that cloud providers implement functionality in different ways. The same situation can arise when internet of things (IoT) devices access cloud resources. In that case, the zero trust approach doesn’t necessarily control the governance of the IoT device itself, but rather the identity it uses for access.
Non-employee identities (third parties such as contractors, temporary employees, vendors, etc.)
When bringing non-employees or third parties into a corporate network, many enterprises apply the zero trust philosophy of “trust no one, outside or inside the network.” If the only security the organization has is at the network layer, granting third-party access creates a significant security risk. However, ensuring that every identity (user), whether inside or outside the network, has only the access it needs and is governed correctly will enable company resources to remain secure.
Final thoughts: Implementing zero trust
Regardless of which of the zero trust use cases apply to your organization, adopting this as a core strategy improves your ability to defend against continuously evolving threats. But keep in mind that zero trust is a concept, not a single security product or solution.
It takes a series of steps and processes to achieve end-to-end zero trust. However, zero trust is not an “all or nothing” concept — enterprises can build on the effective strategies and tactics already implemented and continue to expand on them.