3 Takeaways From the NSA’s New Cybersecurity Information Sheet

The U.S. National Security Agency (NSA) has issued a new cybersecurity information sheet, Advancing Zero Trust Maturity Throughout the Network and Environment Pillar.  

I’m particularly excited about this document because it recognizes Zero Trust Segmentation (ZTS) as an essential component of Zero Trust, a stance I’ve taken since the beginning. In fact, in the second Zero Trust report ever written, Build Security into your Network’s DNA from November 2010, I wrote this: “…new ways of segmenting networks must be created because all future networks need to be segmented by default.”

With ransomware payments amounting to $1.1 billion in 2023, it’s essential that organizations build Zero Trust architectures with ZTS at their core. This is because ransomware attacks depend on flat networks for success. Flat networks are dangerous. You may pay the bills, but attackers own them.

Here are my top three takeaways from the new information sheet.

1. ZTS: A foundational Zero Trust technology

I've long believed that segmentation is how we create Protect Surfaces, the fundamental concept of Zero Trust. However, over the past few years, there has been a pronounced emphasis on the Identity pillar of Zero Trust. Identity is important, but the singular focus on this pillar has led to very few organizations understanding the importance of network security controls in building Zero Trust environments, both on-premises and in the cloud.

This is why it’s so great to see the NSA’s new information sheet reaffirm the value of network security in building Zero Trust — ZTS is finally getting the attention it deserves. According to Gartner, “By 2026, 60% of enterprises working toward zero trust architecture will use more than one deployment form of microsegmentation, which is up from less than 5% in 2023.”

ZTS is only going to become more important as the attack surface expands and networks grow increasingly complex and interconnected. It’s the best way forward for organizations to build resilience and establish a true and lasting Zero Trust architecture.  

2. You can’t build Zero Trust without data flow mapping

I want to give kudos to the NSA for calling out the significance of data flow mapping in the information sheet. In the early days of Zero Trust, I learned that you must first understand how a system works together before you can successfully build out Zero Trust environments. I’ve been advocating for flow mapping ever since.

Back in 2022, I was honored to be appointed to serve on President Biden’s National Security Telecommunications Advisory Committee subcommittee, where I was a part of authoring and delivering a report on Zero Trust to the President. This report documents the 5-Step Model I have been promoting for several years, with Step 2 focused entirely on Transaction Flow Mapping.  

3. Network security is Zero Trust

I see many organizations starting with the Identity pillar of Zero Trust, and unfortunately, I rarely see them making it to the Network pillar. This isn’t the right way of going about building Zero Trust. Network security is an integral part of Zero Trust — securing the network is Zero Trust!

I believe the NSA’s new guidance will greatly help organizations understand the value of the Network pillar of Zero Trust and seek out network security technologies on their journey toward a Zero Trust architecture.

ZTS is a foundational technology of Zero Trust’s Network pillar. ZTS contains the spread of breaches and ransomware across the hybrid attack surface. With the Illumio ZTS Platform, you can visualize how workloads and devices are communicating, create granular policies that only allow wanted and necessary communication, and automatically isolate breaches by restricting lateral movement proactively or during an active attack — across your cloud, endpoints, and data center environments.

As more of the world gets increasingly connected and the attack surface expands, it becomes even more essential for organizations to define, map, and secure the most important Protect Surfaces in their Zero Trust environments.  

Overall, I’m impressed with the NSA’s information sheet. It’s an important industry validator of the power and purpose of ZTS and should serve as a north star for organizations looking to build cyber resilience in the face of today’s evolving threats.
