Devising a winning cybersecurity strategy
A few years ago, the concepts of microsegmentation and microperimeters for Zero Trust were championed by former Forrester analyst John Kindervag. He showed us how those concepts and their technologies could enable a more secure enterprise.
Once those concepts and their associated best practices hit the street, organizations from VMware to Cisco Systems to Palo Alto Networks quickly jumped on board the train of using powerful networking technology -- next-generation firewalls (NGFWs) and microsegmentation technology -- to push the envelope and align with the benefits of Zero Trust.
To put it bluntly, they just work.
In addition to a number of large government entities, prominent organizations like Google have employed these technologies and have gained real benefit from them (Google calls it BeyondCorp, but let's be honest, it's Zero Trust). We have to recognize that using NGFWs and microsegmentation/microperimeter technology is a must for any organization seeking the benefits of a Zero Trust strategy. It's time to embrace another critical component of any Zero Trust strategic initiative:
Access control technologies are critical, and so is knowing where they would and should apply in a Zero Trust approach. To keep things as simple as possible: Command and control over who accesses the network -- and ultimately the data -- is key to Zero Trust. Period. Just as the NGFW and microsegmentation/microperimeter technologies enable an organization to better isolate, segment, and control the network fabric, next-generation access (NGA) performs the same functions at the "people" layer.
Vendors like Centrify, iWelcome, Microsoft (Office 365), Okta, and Ping Identity are just a few of those technology enablers that have solutions I would categorize as NGA and applicable to Zero Trust.
Just as NGFW and network-focused technologies for Zero Trust have specific capabilities, a few of the key points for NGA include:
- Correlation between accesses and users (who is doing what, where, and why)
- Single sign-on (SSO) for users (making access control simpler is key)
- Multifactor authentication (MFA) (reduces access threats exponentially)
- Some form of machine learning or automation, so that the access system not only "learns" to look for anomalies but also works better for users the more they use it
- Technical integration to enhance security at the network layer
- Clear alignment with the ZTX ecosystem framework
Any organization considering a Zero Trust security strategy should also consider the application and use of NGA technology. Focusing solely on the network or data leaves gaping holes in security controls and will ultimately fail to fulfill any strategic security goals, much less a Zero Trust approach. NGA technologies enable better insight and better situational awareness of who is doing what in a network and enforce the policies that should be in place for data access, all key components of a Zero Trust strategy.
To learn more about these technologies and where they apply to the ZTX framework (subscription required) and Zero Trust in the future, follow Forrester's research on this critical area for security and risk professionals. Following the Russian cyberattacks on US infrastructure, I addressed the urgency around infrastructure security on Forrester's latest podcast episode, and covered why putting a Zero Trust framework in place is the best way to combat threats - before a crisis hits.