Zero Trust Architecture

By George Lattimore Posted July 15, 2018



The concept of a zero trust architecture in today’s IT environment is steadily gaining traction. Reports of security breaches are a near-everyday occurrence, so it only makes sense that IT admins would begin exploring new, innovative approaches for keeping their IT networks secure. You don’t need to be an IT admin to see that traditional models for security have broken down, but often, it’s not because these models were bad or poorly constructed. Mainly, it’s because the IT landscape has shifted so dramatically around them.

After surveying the widespread panic caused by security breaches, most IT admins would agree that a zero trust architecture is a viable strategy. The challenge now is, of course, how do IT organizations implement zero trust architecture effectively from their current position?

From Castles to the Cloud


For IT security over the last two decades, the fundamental concept has been to protect the most critical digital assets by storing them at the core of the organization. From this centerpiece, rings of security are placed around the most critical digital assets with things like encryption, host intrusion detection, file integrity monitoring, firewalls, network intrusion detection, VPNs, and much more. Like a maze or a castle with walls and a moat, a hacker would need to find a way through that deterring combination of security solutions to get to the core.

As mentioned previously, however, the IT landscape has been shifting, and two developments began to unfold. First, hackers found an alternate route into the core by changing their plan of attack: they redirected their efforts towards stealing users’ credentials. With a set of keys to all of the locks, hackers could bypass the moats and mazes and just walk across the drawbridge, so to speak. IT admins saw this and began to realize that identity security was perhaps the most critical area to focus on going forward.

The next development involved the structure of IT organizations in general, as critical data was no longer being stored exclusively at the center. Now, data was being stored and accessed everywhere: in the cloud, in web applications, and on devices, just to name a few. The problem of protecting networks had shifted, and rather quickly, the game was blown wide open.

Employing Zero Trust Architecture


Because of this fundamental change in the nature and structure of the IT network at large, IT organizations began trying out new security solutions. Once the concept of a network was realized as just a transport mechanism for data and applications all across the world, being hosted by different providers and services along the way, the root of the problem was exposed. Now, a user’s machine and their identity acted as the gateway to these resources, with a network as the conduit, and zero trust architecture was seen as a plausible way to protect the user’s credentials from falling into the wrong hands.

In other words, the perimeter of control for IT organizations had essentially disappeared. Users and their devices can access data and use applications anywhere under the sun. Therefore, everything and everyone can be compromised, and constant vigilance is a must.

By forcing users and systems to establish ties with other IT resources, IT organizations are dramatically stepping up their security game. Users can now be required to maintain multiple layers of authentication using strong passwords, SSH keys, multi-factor authentication, and more. Systems can be forced to provide certificates verifying that trust has been previously established before communication can commence.
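The following added example, which is not from the original post or from JumpCloud, shows a deny-by-default access decision built on the checks named above: a primary factor (password or SSH key), a second factor, and a previously enrolled device certificate. All names, factor labels, the fixed clock and the sample fingerprint are assumptions constructed for illustration; the source network is recorded but never grants access.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

# Constructed sample data: enrolled device-certificate fingerprints and expiry.
ENROLLED_DEVICE_CERTS = {"ab:12:cd:34": datetime(2030, 1, 1, tzinfo=timezone.utc)}
PRIMARY_FACTORS = {"password", "ssh_key"}   # assumed factor labels
SECOND_FACTORS = {"totp", "push"}           # assumed factor labels
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)  # fixed clock for the demo


@dataclass(frozen=True)
class AccessRequest:
    user: str
    factors: frozenset            # factors verified for this request
    device_cert: Optional[str]    # fingerprint of the presented client cert
    source_network: str           # logged only; never used to grant access


def evaluate(req, now):
    """Return (allowed, reasons). Deny by default: every check must pass."""
    reasons = []
    if not req.factors & PRIMARY_FACTORS:
        reasons.append("no primary factor")
    if not req.factors & SECOND_FACTORS:
        reasons.append("no second factor")
    expiry = ENROLLED_DEVICE_CERTS.get(req.device_cert)
    if expiry is None:
        reasons.append("device certificate not enrolled")
    elif now >= expiry:
        reasons.append("device certificate expired")
    return (not reasons, reasons)


# Constructed requests: being "inside the castle" does not help the first one.
ON_LAN = AccessRequest("alice", frozenset({"password"}), None, "corp-lan")
REMOTE = AccessRequest("bob", frozenset({"ssh_key", "totp"}), "ab:12:cd:34",
                       "public-internet")

if __name__ == "__main__":
    for req in (ON_LAN, REMOTE):
        allowed, reasons = evaluate(req, NOW)
        print(req.user, req.source_network, "ALLOW" if allowed else "DENY", reasons)
```

The request from the internal network is refused because it carries only a password and no enrolled device certificate, while the fully verified request from the public internet is allowed.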

All of these approaches and more are driving a new area of the security market: zero trust architecture has arrived.


If you would like to learn more about the role that cloud identity management can play in your approach to zero trust architecture, contact us directly. We’d be happy to answer any questions you have, and set you up with a personalized demo of JumpCloud® Directory-as-a-Service®. Ready to explore the security features for yourself? Sign up for a free account and dive in. Your first 10 users are on the house, forever.

George Lattimore

George is a writer at JumpCloud, a central source for authenticating, authorizing, and managing your IT infrastructure through the cloud. With a degree in Marketing and an MS in Public Communications and Technology, George enjoys writing about how the IT landscape is adapting to a diversified field of technology.
