Juniper analyzes characteristics and strategies to have a correct Zero Trust approach, to be adopted according to specific projects and needs.

The Zero Trust approach has been discussed for some years now. In fact, everything suggests that it will be the increasingly widespread model in terms of data security. However, many organizations still find difficile take the first step.

The importance of visibility for a Zero Trust approach

Many networking and security solution providers have started developing solutions and rebranding campaigns to capitalize on the Zero Trust approach. However, decision makers are still confused about how to launch their own ventures and often don’t know where to start. Starting from visibility is fundamental. With Zero Trust we are not just talking about asset visibility, but about data divisibility and classification. As well as visibility at a much more granular level on privileges, accounts, impersonal entities, APIs. For Zero Trust, the visibility and interoperability of these elements have scope

Have a strategy

Generally, organizations can define a board-level strategy in their approach to security. Putting teams to work on projects and products over a period of 18-36 months. Or choose to solve problems as they arise with timely projects in an unstructured way. While much more practical, the second approach features the risk end up with an excessive amount of solutions that overlap or leave holes in the fabric, as well as being very expensive to manage.

The most suitable projects to start Zero Trust initiatives

Short-term IT projects, such as third-party or vendor access . This does not affect the entire user population, so costs and impact are low. Generally, this is an easy decision, and if it doesn’t align with your long-term strategy, you can backtrack without too much damage.

. This does not affect the entire user population, so costs and impact are low. Generally, this is an easy decision, and if it doesn’t align with your long-term strategy, you can backtrack without too much damage. Greenfield approach . That is, when an organization is in an upgrade cycle. If a business is starting to migrate resources to the cloud and replace VPNs, they are already shopping and making decisions. This is the time to implement a zero trust strategy in a relatively simple way.

. That is, when an organization is in an upgrade cycle. If a business is starting to migrate resources to the cloud and replace VPNs, they are already shopping and making decisions. This is the time to implement a zero trust strategy in a relatively simple way. New laws and regulations can come into play. If a business has data types that fall within the scope of compliance, the process is fairly straightforward.

Once a project has been identified and selected, it is necessary to map and evaluate the security risks in relation to the context. Many potential breaches are caused by users trying to access resources or devices trying to access other devices. Security issues related to micro-segmentation of workloads can also arise, especially in data center environments.

The four main solutions for a Zero Trust approach

In general, it is possible to identify four main types of solutions that can help organizations approach the Zero Trust model:

Network access control . A Network Access Control (NAC) process adds user and device access control policies to the network. Policies can be based on user and/or device authentication and the state of the endpoint configuration.

. A Network Access Control (NAC) process adds user and device access control policies to the network. Policies can be based on user and/or device authentication and the state of the endpoint configuration. Zero Trust access to the network . ZTNA (Zero Trust Network Access) is an IT security architecture that provides secure remote access to an organization’s applications, data and services based on clearly defined access control policies.

. ZTNA (Zero Trust Network Access) is an IT security architecture that provides secure remote access to an organization’s applications, data and services based on clearly defined access control policies. Cloud access security broker. According to Gartner, a cloud access security broker (CASB) is a point of enforcement of security policy on-premises or in the cloud. It stands between consumers and cloud service providers to combine and enforce corporate security policies when accessing cloud resources.

According to Gartner, a cloud access security broker (CASB) is a point of enforcement of security policy on-premises or in the cloud. It stands between consumers and cloud service providers to combine and enforce corporate security policies when accessing cloud resources. Gateway web sicuri. A secure web gateway is a solution that filters malware and unwanted software from user-initiated web/internet traffic and ensures compliance with corporate and regulatory policies.

The Secure Access Security Edge (SASE) model can also be added to the list. Being a security framework that offers converged networking and security in the form of features such as SD-WAN, Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Network Firewall (NGFW), and Zero Trust Network Access (ZTNA).

The optimal solution

There are many factors to consider when choosing a Zero Trust solution: is it in the cloud? What is the learning curve? How does it fit with the current security roadmap and how much does it affect the workload? Companies need to quantify these factors by assigning values ​​and finding a way to measure possible solutions and map the real solution.

What is reality

Everyone is looking for the ideal solution capable of solving the challenges associated with Zero Trust. The reality is that as enterprises move through these use cases, they will encounter different policy engines and different points in the infrastructure that are still making access decisions. At least in the near future. For now, companies need to be prepared to have, shall we say, multiple sources of truth, as they did to some extent in various implementations.

Where to start to have a correct Zero Trust approach

A very advantageous aspect of the mapping exercise of the solution is that it is a targeted approach. This prevents organizations from managing a set of different tools and isolated solutions. The intent should be to adopt the highest priority projects in the previously mentioned categories aiming to implement effective Zero Trust strategies.