Dec 23, 2021
85 Views
0 0

Architecting the Zero Trust Enterprise

Written by

Learn about Insider
Help
Member Preferences
BrandPosts are written and edited by members of our sponsor community. BrandPosts create an opportunity for an individual sponsor to provide insight and commentary from their point-of-view directly to our audience. The editorial team does not participate in the writing or editing of BrandPosts.
Zero Trust is a strategic approach to cybersecurity that secures an organization by eliminating implicit trust and continuously validating every stage of digital interaction. 
The Zero Trust Model has become increasingly top of mind for executives who need to keep up with digital transformation and adapt to the ever-changing security landscape. Unfortunately, many organizations are still struggling with a poorly integrated, loose assembly of point products that do not align with the strategic approach expected by board members and C-level executives. 
Deployed properly, the Zero Trust Enterprise is a strategic approach to cybersecurity that simplifies and unifies risk management under one important goal: to remove all implicit trust in every digital transaction. This means regardless of the situation, user, user location, device, source of connection, or access method, cybersecurity must be built in by design in every network, connection, and endpoint to address the modern threat landscape. 
By becoming a true Zero Trust Enterprise, organizations enjoy more consistent, improved security and simplified security operations that effectively lower costs. 
Zero Trust Today: A Modern Security Approach for Digital Transformation 
As an industry, we’ve reached a tipping point: many users and apps now reside outside of the traditional perimeter. A hybrid workforce is a new reality—businesses must provide access from anywhere and deliver an optimal user experience. The days of managing implied trust by relying on a static, on-premises workforce are gone. 
At the same time, application delivery has firmly tilted in favor of the cloud, public or private, and has enabled development teams to deliver at an unprecedented pace. However, new architectures, delivery, and consumption models create more instances of implied trust, and an expanding catalog of apps creates a broader attack surface, while implied trust granted to microservices yields new opportunities for attackers to move laterally. 
Infrastructure can be anywhere, and everything is increasingly interconnected, making the elimination of implicit trust even more critical. You can no longer simply trust IT equipment such as printers or vendor-supplied hardware and software because IT and workplace infrastructure are increasingly connected to internet-facing apps that centrally command and orchestrate them. Anything internet-facing is a risk to your organization. Physical locations are increasingly run by connected things, including IoT, which typically have more access than they need. Traditional IT patching and maintenance strategies do not apply here—cyber adversaries know this is ripe for exploitation. 
Delivering the Zero Trust Enterprise 
The biggest challenge to adopting a Zero Trust architecture has not been a lack of specific security tools but a simple lack of resources (talent, budget, interoperability, time, etc.). Running the most current security controls against a moving target—a dynamic threat landscape—has been a privilege reserved for a few well-resourced organizations. So why would Zero Trust work this time for the masses? 
The Zero Trust Enterprise is enabled through Palo Alto Networks extensive experience and comprehensive set of security capabilities to introduce consistent Zero Trust controls across the entire organization. As Forrester noted in The Forrester Wave™: Zero Trust eXtended Ecosystem Platform Providers, Q3 2020, “Palo Alto Networks has essentially either procured, acquired, or built every tool or capability an organization could need to operate a Zero Trust infrastructure. Palo Alto Networks is assembling a robust portfolio to deliver Zero Trust everywhere—on-premises, in the data center, and in cloud environments.”1 
Instead of testing, running, and fixing multiple non-integrated security controls across all of your security domains, such as malware or DLP, you can rely on one single control, which you can deploy across your entire enterprise. Security by design becomes a reality as cost of deployment, operations, and time-to-market are going down. Moreover, leveraging the network effect of telemetry from the entire enterprise and not just from one specific area means the time to respond and prevent cyberthreats goes down, leading to more resilient cybersecurity. 
Palo Alto Networks: Over a Decade of Zero Trust Experience 
As a pioneer in Zero Trust with thousands of customers and deployments, no one in security has more experience than Palo Alto Networks across the entire security ecosystem, including network, endpoint, IoT, and much more. We know security is never one size fits all. Here’s what makes our ZTE approach different: 
A Comprehensive Approach: Users, Applications, and Infrastructure 
At its core, Zero Trust is about eliminating implicit trust across the organization. This means eliminating implicit trust related to users, applications, and infrastructure. 
Zero Trust for Users 
Step one of any Zero Trust effort requires strong authentication of user identity, application of “least access” policies, and verification of user device integrity. 
Zero Trust for Applications 
Applying Zero Trust to applications removes implicit trust with various components of applications when they talk to each other. A fundamental concept of Zero Trust is that applications cannot be trusted and continuous monitoring at runtime is necessary to validate their behavior. 
Zero Trust for Infrastructure 
Everything infrastructure-related—routers, switches, cloud, IoT, and supply chain—must be addressed with a Zero Trust approach. 
For each of the three pillars, it is critical to consistently: 
The Role of the Security Operations Center (SOC) 
The SOC continuously monitors all activity for signs of anomalous or malicious intent to provide an audit point for earlier trust decisions and potentially override them if necessary. Using broad enterprise data collected from network, endpoint, cloud, and much more, the SOC uses behavioral analytics (UEBA), threat hunting, anomaly detection, correlation rules in the SIEM, and more to double-check all trust decisions. The SOC can do this because they have a wide view of the entire infrastructure versus a subset of information such as separate firewall or endpoint telemetry. When this information is examined across the entire infrastructure, the SOC has the ability to discover things that would normally go undetected in individual silos. 
Summary 
What are the benefits of becoming a Zero Trust Enterprise? By taking a holistic, platform-based approach to Zero Trust, organizations can secure their digital transformation initiatives while enjoying increased levels of overall security and significant reductions in complexity.
For more information on complete Zero Trust security, visit us.
1. Chase Cunningham, The Forrester Wave™: Zero Trust eXtended Ecosystem Platform Providers, Q3 2020, Forrester Consulting, September 24, 2020, https://start.paloaltonetworks.com/2020-forrester-ztx-report?utm_source=social&utm_medium=blog&utm_campaign=- FY21Q1%20Forrester%20Zero%20Trust%20eXtended%20Wave%20report.
© 2021 Palo Alto Networks, Inc. Palo Alto Networks is a registered trademark of Palo Alto Networks. A list of our trademarks can be found at https://www.paloaltonetworks.com/company/trademarks.html. All other marks mentioned herein may be trademarks of their respective companies. Parent_wp_architecting-the-zero-trust-enterprise_112321
Sponsored Links
News
Reviews
Buyer’s Guides
Blogs/Opinion
Podcasts
Awards programs
View the archive

source

Article Categories:
Cloud Security

Comments are closed.