Zero Trust Segmentation Is Critical for Cloud Resilience

Organizations are quickly moving to the cloud, but there’s still a lot of data in the data center. This means security teams are often attempting to build cloud resilience in hybrid environments. But traditional data center security methods don’t work in the cloud, and it’s time for security and risk management leaders to implement Zero Trust Segmentation (ZTS) as part of their larger cloud resilience initiatives.

Why Zero Trust Segmentation matters now

I’ve been talking about ZTS for years — in fact, the second report ever written on Zero Trust was one I wrote 13 years ago, Build Security Into Your Network’s DNA: The Zero Trust Network Architecture.  

In the report, I recognized the importance of segmentation and centralized management as key components of Zero Trust and wrote: “New ways of segmenting networks must be created because all future networks need to be segmented by default.”

Traditional flat networks are a malicious actor’s dream — they’re owned by malicious actors, and you’re just paying the bills. In today’s threat landscape, attacks and intrusions are unavoidable, and prevention and detection tools aren’t enough to stop ransomware attacks and prevent data breaches. The best way to stay resilient against these attackers is by building a Zero Trust environment, and ZTS is foundational to any Zero Trust strategy. ZTS helps to define and secure the Protect Surface, stopping malicious actors from getting a foothold in your system, moving wherever they like, and stealing data or disrupting operations.  

According to research by Gartner, “By 2026, 60% of enterprises working toward zero trust architecture will use more than one deployment form of microsegmentation, which is up from less than 5% in 2023.” This is a significant increase and reflects how ZTS works for everyone, no matter your size, industry, or geography.

ZTS is purpose-built for the ever-expanding attack surface and the complexity of today’s hybrid cloud networks. It’s segmentation that uses the principles of Zero Trust. ZTS helps easily create Protect Surfaces that increase your organization’s ability to withstand attacks.  

The top 3 cloud resilience issues and how ZTS solves them

The cloud’s risk profile is increasing with its adoption. There’s a lot more east-west traffic than there used to be — going across multiple cloud services and between cloud and data center environments.  

If you’re relying on native controls to extend consistent security across the data center and different cloud services, you’re going to have a hard time operationalizing security. Unfortunately, this is causing people to throw their hands up and give in, leaving their cloud environments more vulnerable than ever.

There are three key challenges facing cloud security that you need to be aware of and how ZTS can help solve them:

1. The perception that cloud service providers are going to provide all the cloud security you need

You often hear about the shared responsibility model in the cloud where organizations share responsibility for securing cloud data with their service provider. In reality, this is an uneven handshake.  

It’s true that cloud service providers are responsible for securing the underlying infrastructure, and they will include a few native tools that will offer some protection. But it’s up to your organization to secure your cloud data, applications, and configurations and follow any compliance requirements in your industry.  

ZTS solves this by providing centralized visibility, policy, and management across all data centers and cloud environments. This allows you to consistently extend Zero Trust security throughout your network all from one solution without relying on individual service providers to do the job for you.

2. Lack of complete visibility  

You often hear about dwell time in cybersecurity, or how long attackers have been inside the network. Dwell time shouldn’t be a thing — but it exists because organizations lack end-to-end visibility of what they’re protecting and what’s happening in their system.  

You can’t protect what you can’t see. It’s critical for organizations to get visibility into the dark corners of their network. ZTS illuminates the entire Protect Surface so that you can see what’s happening and use those data points to create, maintain, and operationalize policy. This helps to not only proactively prepare your organization for the next breach but also helps your team become more efficient. In fact, Forrester Research found that InfoSec teams using Illumio ZTS were able to decrease their operational effort by 90 percent.

3. Cloud security risk can’t be transferred

In many cases, risk can either be accepted or transferred to someone else. For instance, we can either accept the risk of a storm damaging our car, or we can purchase auto insurance to transfer that risk to an insurance company.  

However, you can’t transfer risk in cybersecurity. This is because of the way regulatory agencies define data. Your organization is always the custodian of your data, no matter where it’s located. You can’t move data to the cloud and say it’s the service provider’s responsibility if a breach or ransomware attack occurs.  

Because of this, it’s your organization’s responsibility to be prepared to manage cloud security risk — and the traditional tools and tactics for data center security won’t be enough. You must adopt a Zero Trust strategy that has ZTS at its center. This will ensure cyberattacks that inevitably happen will be contained and isolated before they can spread throughout the system.

Learn more about cloud security challenges in our guide.

How to start building Zero Trust for cloud resilience

I recommend organizations follow the 5-step model of Zero Trust:

1. Define the Protect Surface: Identify what needs protection, understanding that the attack surface is constantly evolving.

2. Map transaction flows: Gain visibility into communication and traffic flows to determine where security controls are necessary.

3. Architect the Zero Trust environment: Once complete visibility is achieved, implement controls tailored for each Protect Surface.

4. Create Zero Trust security policies: Develop granular rules allowing traffic access to resources within the Protect Surface.

5. Monitor and maintain the network: Establish a feedback loop through telemetry, continuously improving security and building a resilient, anti-fragile system.

If you haven’t started building a Zero Trust architecture, you’re already behind. It’s time to stop talking about Zero Trust and start implementing it, beginning with Illumio ZTS.

Learn more about Illumio CloudSecure to extend Zero Trust across hybrid and multi-cloud. Try it free for 30 days.