Traditionally, the IT industry has relied on perimeter security strategies to protect its most valuable resources like user data and intellectual property. These security strategies involved using firewalls and other network-based tools to inspect and validate users going into and out of the network. However, digital transformation and the move to hybrid cloud infrastructure are changing the way industries do business. Relying on a network perimeter is no longer sufficient.
Many organizations are also adjusting their business models. They're offering customers new digital experiences they need and want while also enabling a global and disparate workforce. Recent events have only accelerated this digital transformation journey. Suddenly, organizations have thousands of individuals connecting from home computers outside an IT department's control. Users, data and resources are spread across the globe, making it difficult to connect them quickly and securely. And without a traditional on-premises infrastructure for protection, employees' home environments are more vulnerable to compromise, putting the business at risk.
Complicating things further, many enterprises are currently operating with a patchwork of security solutions and tools with poor integration. And as a result, security teams are spending more time on manual tasks. They lack the context and insights needed to reduce their organization's attack surface effectively. A rise in data breaches and an increase in global regulations have made protecting networks difficult. For context, the average cost of a data breach is almost USD 4 million in lost business and fines.
Applications, users and devices need fast and secure access to data, so much so that an entire industry of security tools and architectures has been built to protect it. Zero trust addresses the security needs of this data-driven hybrid cloud environment. It gives organizations adaptive and continuous protection for users, data and assets, plus the ability to manage threats proactively. In other words, this practice of "never trust, always verify" aims to wrap security around every user, device and connection for every single transaction. Applying a zero trust framework also helps defenders gain insights across the security business, so they can enforce security policies consistently and detect and respond to threats faster and more precisely. It also produces several corollary benefits, such as:
Developed by John Kindervag in 2010 while he was a principal analyst at Forrester Research, zero trust architecture is a broad framework that promises effective protection of an organization's most valuable assets. It works by treating every connection and endpoint as a potential threat. The framework protects against these threats whether they are external or internal, including connections that are already inside the network. In a nutshell, a zero trust network:
To expand, the zero trust security model ensures data and resources are inaccessible by default. Users can only access them on a limited basis under the right circumstances, known as least-privilege access. A zero trust security model verifies and authorizes every connection, such as when a user connects to an application or software to a data set via an application programming interface (API). It ensures the interaction meets the conditional requirements of the organization’s security policies. A zero trust security strategy also authenticates and authorizes every device, network flow and connection based on dynamic policies, using context from as many data sources as possible.
To successfully implement a zero trust architecture, organizations need to connect information from across each security domain. Security teams across the company must agree on priorities and align on access policies. They must secure all connections across the business, from data to users and devices to applications, workloads and networks. This architecture requires a well-planned strategy and roadmap to implement and integrate security tools to achieve specific business-focused outcomes. To make a zero trust model work, adopters must:
From an outside perspective it might seem like a limiting process. But a successful implementation of a zero trust model gives the security team context and insight into a rapidly evolving attack surface, and it can improve the user experience as well.
Zero trust requires a broad portfolio of security capabilities and experience: identity, data, devices and workloads, analytics and visibility, automation and orchestration, and network and endpoint.
Define and govern zero trust security policies managing access across all users and privileged accounts with SSO, multifactor authentication and lifecycle management.
Protect critical data using zero trust security practices. Discover, classify and manage data access according to risk.
Defend the organization with zero trust security practices—from applications secured by design to monitoring and managing endpoints.
Monitor and enforce zero trust security policies with intelligent analytics. View and monitor the behavior of all users, resources and data connecting within the business.
Rapidly solve and iterate on security issues that occur as part of a zero trust practice with orchestrated actions and common playbooks.
Apply proven skills, expertise and modern solutions to protect a network, infrastructure and endpoints from today's cybersecurity threats.
A zero trust model requires context to be effective. Therefore, security teams must collect and use information from across the business to create the context necessary for quick decisions about each connection's trustworthiness. When executed continuously, this model helps organizations speed up the process of securely authorizing connections. It enables the right user, under the right conditions, to gain the right access to the right data. The following four zero trust principles establish a governance model for sharing context between security tools to protect users' connections, data and resources.
Understand users, data and resources to create coordinated security policies aligned with the business. This process requires discovering and classifying resources based on risk, defining granular resource boundaries and separating users according to roles and duties.
Protect the organization by quickly and consistently validating context and enforcing policies. This step requires actively monitoring and validating every access request against the conditions defined in the company's policies, so that the right access to the right resources is granted quickly and consistently.
Resolve security violations with minimal impact to the business by taking targeted actions. This step requires preparation and targeted responses, such as revoking access for individual users or devices, adjusting network segmentation, quarantining users, wiping devices, creating an incident ticket or generating compliance reports.
Continually improve security posture by adjusting policies and practices to make faster, more informed decisions. This step requires continuously evaluating and adjusting the policies, authorization actions and remediation tactics to tighten each resource's perimeter.
Like a virtual private network (VPN), zero trust network access (ZTNA) provides secure remote access to applications and services. Unlike a VPN, ZTNA is based on defined access control policies: it denies access by default and grants users access to a service only when that access has been explicitly granted. ZTNA establishes access after it authenticates the user, over a secure, encrypted tunnel, and lets users see only the applications and services they have permission to access. This limits lateral movement, the technique attackers use after an initial foothold to scan for and pivot to other services. With ZTNA, organizations can implement location- and device-specific access control policies, preventing possibly compromised devices from connecting to their services.
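The ZTNA behaviour described above (deny by default, explicit grants, location- and device-aware policy, and users seeing only what they are allowed to reach) as a small policy decision point. This is an added illustration, not IBM code; the application names, policies and request fields are constructed for the example.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class AccessRequest:
    user: str
    roles: frozenset
    app: str
    device_managed: bool      # enrolled in the organization's device management
    device_compliant: bool    # posture check passed (patched, encrypted, EDR healthy)
    country: str              # where the connection originates
    mfa_verified: bool

@dataclass(frozen=True)
class AppPolicy:
    allowed_roles: frozenset
    allowed_countries: frozenset
    require_managed_device: bool = True
    require_mfa: bool = True

# Constructed sample policies for two hypothetical internal applications.
POLICIES = {
    "payroll": AppPolicy(frozenset({"finance"}), frozenset({"US", "CA"})),
    "wiki": AppPolicy(frozenset({"finance", "engineering"}),
                      frozenset({"US", "CA", "DE"}), require_managed_device=False),
}

def evaluate(req: AccessRequest, policies=POLICIES):
    """Deny by default: access is granted only when an explicit policy for the
    requested app exists and every condition in it holds for this request."""
    policy = policies.get(req.app)
    if policy is None:
        return False, "no policy for app: denied by default"
    if not (policy.allowed_roles & req.roles):
        return False, "role not granted for app"
    if req.country not in policy.allowed_countries:
        return False, "location not permitted"
    if policy.require_managed_device and not req.device_managed:
        return False, "unmanaged device"
    if not req.device_compliant:
        return False, "device posture check failed"
    if policy.require_mfa and not req.mfa_verified:
        return False, "MFA not verified"
    return True, "explicitly granted"

def visible_apps(req: AccessRequest, policies=POLICIES):
    """Show the user only the apps this exact context would be granted, so
    services they cannot use are invisible rather than merely unreachable."""
    return sorted(app for app in policies
                  if evaluate(replace(req, app=app), policies)[0])

if __name__ == "__main__":
    alice = AccessRequest("alice", frozenset({"finance"}), "payroll", True, True, "US", True)
    print(evaluate(alice), visible_apps(alice))        # (True, 'explicitly granted') ['payroll', 'wiki']
    byod = replace(alice, device_managed=False)
    print(evaluate(byod), visible_apps(byod))          # (False, 'unmanaged device') ['wiki']
```

Each denial carries the failed condition, which is what an analyst needs when the same user is granted one app and hidden from another from an unmanaged device.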
Digital transformation and the move to hybrid multicloud are changing the way we do business. And users, data and resources are now spread across the globe, making it difficult to connect them quickly and securely. With IBM zero trust security solutions, you can help protect enterprise data and resources by making them accessible only on a limited basis and under the right circumstances.
Attackers are persistently working to breach your network, using sophisticated methods to find a way in. Do you have the visibility to stop them? What about those already on the inside? IBM can help protect your entire network with next-generation network security solutions that intelligently recognize unknown threats and adapt to prevent them in real time.
Data provides a critical foundation for every operation of your organization, so protecting and using it securely is central to a zero trust strategy. Unfortunately, cybercriminals also see your data's value and seek to exploit security vulnerabilities to put your information at risk. Whether on-premises or in hybrid multicloud environments, IBM data solutions help you gain greater visibility and insights to investigate and remediate threats and enforce real-time controls and compliance.
Identity and access management (IAM) is essential for securing the hybrid multicloud enterprise. IBM identity solutions deliver a frictionless and secure experience for every user, asset and data interaction, providing a foundation for a zero trust strategy. Grant access rights, provide single sign-on from any device, enhance security with multifactor authentication, enable user lifecycle management, protect privileged accounts, and more.
Data breaches are almost always the result of compromised endpoints and privileged credentials. That's why monitoring and protecting privileged accounts has become crucial. To thoroughly protect sensitive data, put IBM privileged access management (PAM) solutions in place to keep both endpoints and privileged credentials secure.
Integrating public cloud services into your existing enterprise security program requires an assessment of your resources and business needs to develop a fresh approach to your culture and cloud security strategy. To manage a cohesive hybrid, multicloud security program, you need to establish visibility and control. IBM Security products and experts can help you integrate appropriate controls, orchestrate workload deployment and establish effective threat management.
Implementing cybersecurity best practices has become a top priority for enterprise businesses, where data sensitivity is at the highest level. Widely available hacking tools and sophisticated digital extortion tactics put client and business data, and even operations, at risk. So maintaining a proactive cybersecurity approach is essential to mitigating both short- and long-term business continuity risks.
Because it stands between users and critical enterprise assets, identity and access management (IAM) is a critical component of any enterprise security program. It helps protect against compromised user credentials and easily cracked passwords, which are common network entry points for criminal hackers who want to plant ransomware or steal data.
As attack surfaces change, so must the approach to threat management. Read the latest security intelligence and analytics articles, including security information and event management (SIEM) and threat detection.
"[M]any vendors in the security industry are looking at zero trust security from the wrong perspective. Security isn't something you can just 'do.' And zero trust isn't something you can buy or implement. It's a philosophy and a strategy. It's an IT strategy done securely."