Not at all. Zero trust is an architectural approach based on three core principles: least privilege, continuous verification and assume breach. Those principles can be applied across any type of environment. There is no need for your security capabilities, nor the underlying workloads and data they protect, to reside in the cloud.
Access policies should be based on the zero-trust principle of least privilege: entities should be given the minimum level of access required to get their job done. By minimizing access to data, applications, workloads and systems, you can minimize the overall attack surface. Once access privileges are established, you should continue to certify and validate them, removing any that are no longer required.
Cloud-delivered applications and services provide tremendous benefits and business agility for all parts of your organization. Often the increased usage of these services is driven by shadow IT. Through a successful zero-trust framework — offering increased visibility, inline security controls and increased risk prevention — you can experience the benefits of cloud without slowing or restricting productivity gains. Consider integrating tools for adaptive access, data loss prevention and cloud access security brokers (CASB).
Integrating security in a hybrid multicloud environment is both possible and highly recommended. But it requires more than simply adding controls and point solutions. To manage a cohesive hybrid multicloud security program, you need central visibility and control. Whether public or private, your cloud environments should have embedded security controls for identity, data, workloads and network. Make sure these controls align with your on-premises security capabilities and integrate with existing solutions such as your threat management program.
IBM’s hybrid cloud strategy powered by zero trust can protect your data, your people and your reputation by bringing security to every user, every device and every connection – every time. We’ll help you integrate tools and unify processes for comprehensive, predictive security as you grow.