Embracing New Business Frontiers with Zero Trust Security

By Deepak Mathur
November 23, 2022

The Zero Trust security model has been gaining traction in light of recent cybersecurity attacks, and for good reason. Zero Trust is a security concept grounded in the belief that it is best never to trust anyone, inside or outside an organization’s network, without verification.

As opposed to conventional security systems such as Virtual Private Networks (VPNs), the Zero Trust security system is a more robust option to counter modern network security challenges (ransomware attacks, hybrid cloud environments, and secure remote access) by premising itself on the ‘better safe than sorry’ adage. 

With enterprises moving to a cloud-native and containerized world, Zero Trust is no longer a choice but an urgent requirement, because the need of the hour is to:

  • Secure CI/CD pipelines
  • Slash costs and complexity
  • Gain more visibility and control
  • Support compliance requirements 

The Zero Trust security model is also built to align with NIST guidelines such as continuous verification, stringent authentication and user ID segmentation, and to automate data collection from the complete IT stack. Here are the three basic principles and functions behind the Zero Trust architecture:

  • Identify: The core of Zero Trust security lies in the statement ‘never trust, always verify’, a sharp departure from the ‘trust but verify’ of traditional security systems. The model assumes a potential breach and thus trusts no users, devices, or credentials at face value. A good Zero Trust plan starts with mapping the current environment and making a checklist of all the devices, data, networks, etc.
  • Assess: The Zero Trust model mandates a deep assessment of every user, device, and interaction in order to plan stringent verification and authentication procedures.
  • Secure: The third principle seeks to remove the implicit trust that is characteristic of traditional security systems by securing the network through granular access controls and monitoring.

So, how do you set up a Zero Trust framework in your organization?

Set up identity and access management processes

Identity and access management (IAM) functions such as MFA, SSO, and risk-based authentication are among the most critical aspects of the Zero Trust architecture.

For instance, building a universal directory through a single sign-on (SSO) is critical to managing user role access across a wide range of roles (customers, contractors, employees, partners). 

Implement microsegmentation

With microsegmentation you will be partitioning networks and forming boundaries around resources to enforce network security. This means you configure perimeters and permissions at the workload and application level to create secure zones within network traffic. This reduces the attack surface considerably.
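
An added illustration, not from the original article: a small Python model of default-deny microsegmentation that compares the workload-to-workload flows open on a flat network with those left open by an explicit allow-list. The workload names, segments, ports, and rules are all constructed for the example.

```python
from itertools import permutations
from typing import NamedTuple


class Rule(NamedTuple):
    src: str   # segment label of the calling workload
    dst: str   # segment label of the workload being called
    port: int  # destination port the rule opens


# Constructed inventory: workload -> segment label and listening ports.
WORKLOADS = {
    "web-1": {"segment": "frontend", "ports": {443}},
    "web-2": {"segment": "frontend", "ports": {443}},
    "api-1": {"segment": "backend", "ports": {8443}},
    "db-1": {"segment": "data", "ports": {5432}},
    "ci-runner": {"segment": "build", "ports": {22}},
}

# Explicit allow-list (constructed). Anything not listed is denied,
# including traffic between two workloads in the same segment.
POLICY = {
    Rule("frontend", "backend", 8443),
    Rule("backend", "data", 5432),
}


def is_allowed(src, dst, port, policy=POLICY):
    """Default deny: a flow passes only if an explicit rule matches it."""
    if src not in WORKLOADS or dst not in WORKLOADS:
        return False  # not in the inventory, so never implicitly trusted
    if port not in WORKLOADS[dst]["ports"]:
        return False  # destination does not serve that port
    rule = Rule(WORKLOADS[src]["segment"], WORKLOADS[dst]["segment"], port)
    return rule in policy


def flat_flows():
    """Every (src, dst, port) reachable when there are no internal boundaries."""
    return {(s, d, p)
            for s, d in permutations(WORKLOADS, 2)
            for p in WORKLOADS[d]["ports"]}


def segmented_flows(policy=POLICY):
    """The subset of flat-network flows that the allow-list still permits."""
    return {f for f in flat_flows() if is_allowed(*f, policy=policy)}


if __name__ == "__main__":
    print(f"flat network: {len(flat_flows())} open flows")
    print(f"segmented:    {len(segmented_flows())} open flows")
```

Running the same comparison against a real inventory and rule set gives a quick measure of how much lateral reachability a proposed policy removes before it is enforced.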

Craft detailed policies

Traditional security principles no longer work efficiently. That applies to the organization’s policies as well. A successful implementation comes down to well-defined policies aligned with business goals that can be used to configure and implement security tools across the company.

Continuously monitor

Detecting, preventing, and securing need to be done on a continuous basis to anticipate potential threats and be responsive in real time. 

The takeaway

Gartner’s Distinguished VP Analyst Neil MacDonald puts it well. “Zero trust is a way of thinking, not a specific technology or architecture. It’s really about zero implicit trust, as that’s what we want to get rid of.” 

And it looks like organizations are listening. A Gartner report shows that total spending on Zero Trust security models will grow from US$820 million in 2022 to US$1.674 billion by 2025, at an exponential CAGR of 26%.

Are you listening too? 

Deepak Mathur
Partner at KPMG LLP