In the cybersecurity industry, questions and debates are constant companions. They evolve and adapt, much like the threats we seek to secure against.
One such question, "Is network security dead?," resurfaced in 2004 when the Jericho Forum introduced the concept of deperimeterization. Though the Jericho Forum declared success and disbanded in 2013, the answer to this question remains elusive.
A decade later, the landscape has shifted with new paradigms emerging, particularly the concept of Zero Trust, making the question more relevant than ever.
What is deperimeterization?
In the early 2000s, the Jericho Forum, a group of visionary thinkers in the field of cybersecurity, posed the idea of deperimeterization questioning the state of the traditional network perimeter and its relevance in the modern enterprise. The group’s quest for deperimeterization challenged the traditional approach to network security which relied heavily on network boundaries and perimeter defences.
Back then, there were few viable alternatives to perimeter-less network security, making any transition to a more modern form of security challenging. But over the course of the next decade, the cybersecurity landscape underwent a seismic shift – leading us to our current focus on Zero Trust and breach containment.
Deperimeterization is fundamental to a Zero Trust approach
Fast forward a decade, and we find ourselves in the era of Zero Trust, a security model with striking similarities to the Jericho Forum's vision of deperimeterization. Both concepts share a fundamental assumption: The network perimeter can’t be trusted as the last stop for security. In this new paradigm, the focus shifts from securing the network as a whole to securing individual resources and assets.
One area where this shift in perspective becomes particularly evident is operational technology (OT). Traditional OT security, based on the Purdue Enterprise Reference Architecture, relies on a model with multiple trusted layers separated by firewalls. Each layer contains numerous systems and technologies, often running proprietary operating systems and protocols. Many of these systems are challenging to update or patch, posing vulnerabilities that could allow threat actors to achieve deep-layer lateral movement with catastrophic consequences.
The migration to Industry 4.0 and Industrial Internet of Things (IIoT) allows us to transition from the vulnerability of trusted networks in the Purdue model to a Zero Trust approach within critical infrastructure.
In the traditional IT environment, it's increasingly common to install technologies like Endpoint Detection and Response (EDR) and Zero Trust Segmentation on every asset to protect individual resources. Manufacturers of IIoT equipment must embed these technologies in their products or make them easily installable.
Accelerated digital transformation requires Zero Trust breach containment
The world has changed drastically in the past decade. While cloud adoption was on the rise, the full benefits of technologies like containers, 5G networks, and new remote access methods were yet to be realized. Then came the COVID-19 pandemic, accelerating digital transformation and automation across numerous industries. Suddenly, we find ourselves at the precipice of a technology shift, potentially faster than our existing security architectures can manage.
Amid this transformation, Zero Trust has emerged as a significant force in reshaping security strategies. The shift from a "prevent all attacks" mindset to assuming breaches will happen and planning to survive them represents a 180-degree turn from the last 30 years of cybersecurity thinking.
Instead of attempting to identify and block what's bad, the focus now centers on identifying what's good and allowing it. This approach simplifies policy design, reduces costs, and mitigates the misconfigurations that often lead to security incidents.
Zero Trust Segmentation: Decoupling security from the network
Consider the concept of network segmentation. If the network cannot be trusted, then neither can a network segment, unless it contains only one device. This necessitates the creation of micro-segments, which are accessed on a least-privilege basis by resources with verified identities.
This concept leads us to Zero Trust Segmentation, also called microsegmentation, which offers security portability and increased flexibility by decoupling from the network.
A noteworthy byproduct of this shift is the reduction in the number of rules needed for perimeter firewalls. This not only saves money by shrinking the firewall's size but also reduces the time required to manage and modify policies. In fact, Forrester research shows that Zero Trust Segmentation offers a 90 percent decrease in operational effort by InfoSec teams to implement and manage segmentation.
The fate of network security: Exaggeration or reality?
So, is network security truly dead?
I would argue that reports of its demise are exaggerated. Traditional techniques like network detection and response, behavioral analysis, and perimeter firewalls still play a critical role in our cybersecurity arsenal. These tools continue to be essential for monitoring and controlling network traffic and identifying potential threats.
However, the evolution to a Zero Trust model has revolutionized our approach to security. It has shifted the emphasis from guarding the perimeter to safeguarding individual assets. This shift simplifies security policies, reduces costs, and enhances flexibility. It's a pivot from "keeping the bad out" to "allowing the good in."
As we look ahead, it's clear that the landscape of cybersecurity will continue to evolve. The concept of network security may not be dead, but it has transformed into something more adaptable and resilient.
Let's revisit this question in another 10 years and see where we stand. In the ever-changing world of cybersecurity, the only constant is change itself.
Want to learn more about Zero Trust and Zero Trust Segmentation? Contact us today for a free demo and consultation.