Outdated network trust assumptions - before Zero Trust architecture
Isn’t it strange that, although we watch our networks more closely than ever and invest money in enterprise security, it becomes harder and harder to know who on our network we can trust? One compromised workload is often enough to reach the rest of the important applications and data, or to move freely within that infrastructure.
With architectural shifts to cloud services like AWS and Azure, the rise of SaaS, IaaS and PaaS, and the beginning of what we now see as a revolution called containers, the problem only gets bigger. All of those infrastructures could be anywhere, even public, and the assumption of a trusted network is even less valid than it was before. The same happens with users and devices: they are spread all over the globe, accessing sensitive data and applications through VPNs or directly. They may be in coffee shops, on hotel Wi-Fi or, when a global pandemic changes network access dramatically, in their home offices.
There are more challenges in the traditional approach:
- Security is an overlay in today’s networks - the network was built before security was a concern, so introducing security means rearchitecting the network and steering traffic through control points that grant access
- IP subnetting gets harder and more cumbersome as zones get smaller and smaller, and it becomes unmanageable if you need to write layer 3/4 rules for them
- Hard to write one policy to fit all infrastructures
- Many enforcement points
- Lateral movement is possible in each of the zones, no matter how small they are
- Access control limited to the perimeter of the network
- No visibility into your network flows
- No orchestration to automate operations