With the rise in remote work resulting from the pandemic, many organizations have had less visibility into who is accessing their networks and data. An increased number of unsecured endpoints has made it challenging to know who and what can be trusted.
Facing the constant threat of ransomware and phishing attacks, more organizations are turning to a zero-trust strategy to restrict access to valuable resources. According to Palo Alto Networks, “Zero trust is a strategic approach to cybersecurity that secures an organization by eliminating implicit trust and continuously validating every stage of a digital interaction.”
Paul Kaspian, principal product marketing manager for zero trust at Palo Alto Networks, joined CDW’s Tech Talk webcast to discuss why zero trust is becoming a common approach to cybersecurity.
The Pandemic Has Changed the Concept of Trust for Cybersecurity
Kaspian began by observing that the pandemic was a wake-up call for many organizations that found they had to look at how they were securing remote users.
“You want to eliminate implicit trust as much as possible. So, some of the legacy ways that we were connecting remote users maybe weren’t the best or most secure ways of doing that,” he said. “The pandemic has magnified that focus and also increased the sense of urgency for organizations to move to a zero-trust architecture.”
Along with the move to remote work, the pandemic has seen an increase in the frequency of ransomware attacks. “Attackers are much more sophisticated. I think we see that urgency reflected in things like the executive order back in May, where the federal government was instructed to take a zero-trust approach, and also vendors working with them. This has had a trickle-down effect.”
Register below for an upcoming CDW Tech Talk, held Tuesdays at 1 p.m., to hear from IT experts live.
Digital Transformation Has Contributed to the Need for Zero Trust
“If you look back over the last several years, organizations have changed a lot of things,” Kaspian said. “We’ve been experiencing network transformation, data center transformation and, finally, SecOps transformation.
Kaspian noted that many security operations centers are modernizing their approaches by automating security tasks that are more manual. “As these things have changed, they not only have forced us as an industry to look at the way that we’re approaching security but they’ve also presented this wonderful opportunity to rebuild some of these pieces that maybe before were not very scalable, or maybe difficult to manage and created a lot of complexity.”
“The way I see digital transformation fitting into zero trust is that it gives us an opportunity as an industry to go off and retool some of our approaches to security,” Kaspian continued.
The Journey to Zero Trust Begins With Users
Kaspian pointed out three areas where technology solutions can help an organization begin a journey toward zero trust: users, applications and infrastructure.
“Users, quite frankly, are where a lot of organizations start. That’s simple things like making sure you have good visibility into who’s connecting to the network or who’s accessing applications and resources on the network,” Kaspian said. “Make sure you have an insight into the devices that those users are using and deploying zero-trust best practices like strong authentication, multifactor authentication, so that users only have access to the resources they need to do their jobs.”
Kaspian said that from an IT security standpoint, users can be seen in two different ways. “One is that we want to make sure those users are secure on the network. We want to eliminate that implicit trust.”
The other end-user aspect pertains to the user experience. “It’s not just about the security but creating a user experience where the zero-trust controls and the policies are really transparent to the user,” he said. “You need to make sure that you’re protecting the data and the infrastructure from the user and maybe a compromised device. But you also want to make sure that users have a good experience. They have the tools they need to do their jobs, and security isn't impeding that experience.”
Digital Transformation Sometimes Adds Unwanted Complexity
In recent years, organizations across multiple industries have sought ways to transform their operations digitally that might offer a competitive advantage. While some of those developments have delivered on their promises, they can also bring unintended consequences.
Ruben Chacon, technology vice president and CISO at CDW, furthered the conversation with his thoughts on digital transformation. “These digital transformations are bringing also digital dependencies and ecosystems. Those are increasing along with the potential for greater disruption,” he said. “Adversaries are adapting their methods in response to new security controls and capabilities, and that means that organizations must continually improve their security posture, because cybersecurity is an evolving issue.”
Gabriel Whalen, manager of the information security solutions practice at CDW, agreed with Chacon, saying, “The enemy of security is complexity, and the more complex our environments get, we may not even be aware of where all those entry points are.”
Follow BizTech’s full coverage of the CDW Tech Talk series here. Insiders can register for the event series here.