Zero Trust

No more network, no more network security

Sep 01, 2021

With the continued uncertainty around the pandemic, mass remote work will stick around for the foreseeable future. Many globally recognized companies let their employees work from home at least through the end of the year, if not longer. But what about beyond?

Comprehensive studies indicate that most companies will keep work-from-anywhere (WFA) as a permanent part of their corporate strategy. The WFA answer isn’t black and white. Most likely, some split percentage of people in vs. out of the office will continue, and a new hybrid model will take hold as the norm. 

Eventually, we'll leave the pandemic behind and transition into a new hybrid work environment. Traditional network infrastructure and security approaches will be out of place if we are to meet demanding user experience expectations.

In the latest episode of The CIO Evolution, I spoke with Zscaler Director of Transformation Strategy Kevin Schwarz about how zero trust architectures can help digital transformation. Here are some of the key ideas:

How is the world moving from what is essentially an old model to a new model? What are the key things that have to be considered? And what's the impact on traditional security?

I dived right into the dilemma faced by today’s leaders: the demands to adopt digital business can’t be ignored, and the mass move to work from anywhere over the last year and a half only accelerated the urgency. Leaders must come to grips with these new demands and prioritize infrastructure and security modernization.

Kevin rightly pointed out: “We can't force people back into offices. We can't force people to use old Windows laptops. We have to adapt to user expectations, but we also have to know who is accessing what. We need security, and we need visibility. And the term on everybody’s mind is ‘zero trust.’ Zero trust architecture is what everybody hopes will bring answers for today’s and tomorrow’s transformation and security issues.”

WFA culture has businesses grappling with the security impact of application access across untold endpoints. Establishing a perimeter is no longer a viable solution. Instead, the term network as we have come to understand it is a thing of the past, and new cloud-centric IT security models are all about visibility and identity. 

CIOs and CTOs are simply unable to rein in device and host usage in a decentralized workforce. But what they can do is adapt security architectures that explore who has access to each application and to what end. This knowledge can help protect assets against specific threat actors (who) rather than attempting to guard an application or device (what).

How do leaders like myself respond?

Managing internet traffic is a significant portion of the IT department’s daily struggle. It makes up 40-70% of all corporate traffic. As more people work outside the corporate office and connect to more cloud-based applications and infrastructures, more traffic gets backhauled or “tromboned” via the classical IT infrastructure. 

This isn’t an option anymore. We need to move beyond the “network” to a more cloud-based infrastructure that isn’t centered on geographic locations.

Kevin opined: “I think the term ‘network’ is becoming an outdated term. I mean, I think the corporate data center will still exist (even with 5G), but terms like ‘network security’ will vanish because security has to be everywhere users live and has to protect whatever users consume.”

Leaders can start by learning how their high-level architecture works today and auditing true user requirements. Establishing least-privilege access controls through identity and authentication streamlines, rather than limits, access. This turns CIOs and CTOs into enablers who provide critical security-as-a-service options that make every business an IT business.

So what's the advice for leaders adopting cloud- and mobile-first technology? What should their priorities be, and what should they be looking for?

The COVID-19 crisis has shown that the new hybrid workplace requires scalable solutions. Newer architectures such as secure access service edge (SASE) and zero trust supporting today’s realities are replacing legacy networks and delivering the agility and resiliency that businesses need to compete and succeed in the modern, digital landscape. 

These architectures use the internet as the new corporate network and the cloud as the new data center. Optimizing and securing these connections for users and customers is critical for performance and productivity.

Kevin hit the nail on the head with his comment: “Understanding how to change enterprise architectures requires you to have a deep understanding of it as it exists today. How do I use it? How is it working? How complicated is it? What are my users’ pain points? Once you can answer these questions, you can move to what it could look like tomorrow.” 

Zero trust architectures create less expensive and better-performing security by securing connections between users and applications and removing the need for costly infrastructure services.

A 2020 Gartner Zero Trust Market Guide predicted that 80% of businesses would access new digital applications using zero trust architectures that will supplant legacy security solutions such as virtual private networks (VPN) for remote employees and third parties for two reasons: 

  • Legacy solutions can’t accommodate enterprise network transformation initiatives.
  • Large, hardware-based security stacks are expensive and can’t scale to meet the added traffic generated by the shift to the cloud.

With zero trust, IT can create the shortest routes for end users to necessary applications on a per-user basis. This eliminates the cost and maintenance of convoluted architectures and relies instead on identity-based controls. Teams can optimize both user experience and security protocols by understanding the latest cloud options available that support encryption, visibility, and limited attack surfaces. 

You can listen to the whole conversation in the latest episode of The CIO Evolution.