Cyber Security

Why network-based zero trust doesn’t protect your most valuable assets

Published

on

The state of cybersecurity was vastly different when the zero trust model was first developed by Forrester’s John Kindervag in 2009. After all, that was nearly 13 years ago — Barack Obama had just started his second presidential term, Tom Brady only held three Super Bowl victories to his name, and the H1N1 swine flu was the closest thing to a pandemic our society had experienced. 

Needless to say, a lot has changed since then. 

The same can be said for the cyber threat landscape. Over the last decade, the rise of mainstream digital adoption, cloud migration, mobile computing and the continued exponential growth of unstructured data has left enterprise networks exceedingly complex to secure and, as a result, increasingly vulnerable to attacks. Once reliable first-generation IT security solutions like firewalls, intrusion detection and endpoint security software were ill-equipped to defend against the omnipresent and ever-evolving nature of malicious insiders, ransomware extortionists, cybercriminal hacktivists and state-sponsored attackers — all of whom are now more skilled, sophisticated and well-funded than ever before. 

Aligning our cyber defense models with an evolving threat landscape is a real and imminent need across the cybersecurity community. With the current state of zero trust, legacy models like two-factor authentication, ZTNA, and other network-based approaches fail to protect unstructured data, which is often the primary asset threat actors are after. Making measurable strides toward fostering a safer cyber future will require a transformational shift to data-centric zero trust that better secures the unstructured data highly sought after by cybercriminals. 

The Problem with Perimeter Protection 

Perimeter protection is a key component of network-based zero trust, but it doesn’t address the real vulnerabilities that exist today. For a deeper understanding, envision an organization’s network architecture like an onion with its data assets sitting at the core. By operating with network-based zero trust principles, an organization is essentially relying on the onion’s external layers for protection without real-time visibility into the state of the core inside of it. In addition, they are assuming malicious actors and non-malicious actors are differentiable by their characteristics and credentials alone — when in reality, only behaviors can indicate their true intentions. 

Each time a layer is peeled by an internal actor — regardless of whether it’s a harmful attacker or harmless employee — the lack of IT visibility prohibits the organization from assessing the actor’s behaviors to determine the nature of the compromise before the core data assets are infiltrated. This inability to understand the scope of the threat and mitigate its impact is a driving factor of our global cyber crisis, and it’s the reason we’re stuck in this position, to begin with. 

The Case for Data-Centric Zero Trust 

A data-centric zero-trust approach offers a proven alternative to the clear issues of legacy network-based principles. Its framework is built around the use of advanced data security solutions that generate real-time visibility to better protect data at the core; adopting an inside-out version of the “trust no one, verify everything” viewpoint at the foundation of zero trust. 

Data-centric zero trust solutions can come in various forms and fashions, but one of the most interesting and effective from an enterprise perspective is cyber storage solutions. They leverage artificial intelligence and machine learning to converge heightened cyber storage functionality with zero trust security principles, which enable organizations to consistently monitor the behaviors of internal actors in any environment from a data perspective. As a result, they can pinpoint the exact moment a zero trust compromise becomes a significant threat putting their data assets at risk —  and then actively mount a quick and agile response to reduce damage at the core where their data assets are stored. The actionable real-time insights generated by this type of solution empower defenders to improve the state of their entire cybersecurity posture and adjust to the evolving nature of attacks. 

The meteoric rise of cyberattacks in 2021 was a byproduct of legacy mindsets and outdated practices that fail to align with the current threat landscape. It’s time we take action to change that. By shifting to data-centric zero trust with innovative solutions that integrate enhanced levels of control to data security, organizations can boost their ability to prevent breaches, defend against attacks, and combat increasingly sophisticated cybercriminal enterprises. 

Source: https://www.securitymagazine.com/articles/96567-why-network-based-zero-trust-doesnt-protect-your-most-valuable-assets

Click to comment
Exit mobile version