Beyond Zero Trust: Next-generation access

Is your organization considering Zero Trust? Here's why you should also consider NGA.

Devising a winning cybersecurity strategy

special feature

Cybersecurity in an IoT and Mobile World

The technology world has spent so much of the past two decades focused on innovation that security has often been an afterthought. Learn how and why it is finally changing.

Read More

A few years ago, the concepts of microsegmentation and microperimeters for Zero Trust were championed by former Forrester analyst John Kindervag. He showed us how those concepts and their technologies could enable a more secure enterprise.

Once those concepts and their associated best practices hit the street, organizations from VMware to Cisco Systems to Palo Alto Networks quickly jumped on board the train of using powerful networking technology -- next-generation firewalls (NGFWs) and microsegmentation technology -- to push the envelope and align with the benefits of Zero Trust.

To put it bluntly, they just work.

TechRepublic: The best security? Have Zero Trust, says expert

In addition to a number of large government entities, prominent organizations like Google have employed these technologies and have gained real benefit from them (Google calls it BeyondCorp, but let's be honest, it's Zero Trust). We have to recognize that using NGFWs and microsegmentation/microperimeter technology is a must for any organization seeking the benefits of a Zero Trust strategy. It's time to embrace another critical component of any Zero Trust strategic initiative:

Next-Generation Access

Access control technologies are critical, as is where they would and should apply to a Zero Trust approach. To keep things as simple as possible: Command and control over who accesses the network -- and ultimately the data -- is key to Zero Trust. Period. Just as the NGFW and microsegmentation/microperimeter technologies enable an organization to better isolate, segment, and control the network fabric, next-generation access (NGA) performs the same functions at the "people" layer.

Vendors like Centrify, iWelcome, Microsoft (Office 365), Okta, and Ping Identity are just a few of those technology enablers that have solutions I would categorize as NGA and applicable to Zero Trust.

Just as NGFW and network-focused technologies for Zero Trust have specific capabilities, a few of the key points for NGA include:

  • Correlation between accesses and users (who is doing what, where, and why)
  • Single sign-on (SSO) for users (making access control simpler is key)
  • Multifactor authentication (MFA) (reduces access threats exponentially)
  • Some form of machine learning or automation, not only to make the access "learn" to look for anomalies, but also to make things better for the users the more they use the system
  • Technical integration to enhance security at the network layer
  • Clearly aligned with the ZTX ecosystem framework

Any organization considering a Zero Trust security strategy should also consider the application and use of NGA technology. Focusing solely on the network or data leaves gaping holes in security controls and will ultimately fail to fulfill any strategic security goals, much less a Zero Trust approach. NGA technologies enable better insight and better situational awareness of who is doing what in a network and enforce the policies that should be in place for data access, all key components of a Zero Trust strategy.

To learn more about these technologies and where they apply to the ZTX framework (subscription required) and Zero Trust in the future, follow Forrester's research on this critical area for security and risk professionals. Following the Russian cyberattacks on US infrastructure, I addressed the urgency around infrastructure security on Forrester's latest podcast episode, and covered why putting a Zero Trust framework in place is the best way to combat threats - before a crisis hits. Listen to it here.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All