What is Zero Trust?
A Zero Trust framework eliminates automatic access for any source – internal or external – and assumes that internal network traffic cannot be trusted without prior authorization. As operating models evolve with more employees working remotely, the need for a holistic Zero Trust approach is even more urgent.
To guide organizations in their journey, Forrester Research developed the Zero Trust eXtended (ZTX) framework, comprising seven components of an enterprise ecosystem where Zero Trust principles should be applied.
Forrester recently found that Zero Trust can reduce an organization’s risk exposure by more than 37%. This reduces security costs by 31%, helping organizations realize millions of dollars in savings in their overall IT security budgets.
Zero Trust is an essential security strategy
Focusing primarily on perimeter security and firewalls is no longer enough. Many organizations are now adopting the Zero Trust security mindset of “never trust, always verify” to segment internal networks and prevent the spread of breaches.
Though endpoint-focused security solutions have evolved, ransomware continues to impact enterprises. Cyberattacks such as WannaCry and NotPetya rely on lateral movement across environments to escalate a containable nuisance to a cataclysmic attack. Zero Trust Segmentation and focused granular internal controls mitigate this problem and must be deployed as part of a Zero Trust framework.
And as users move away from organizations' private networks to a distributed, remote work model, Zero Trust must be extended to endpoints to reduce the attack surface. As a result, Zero Trust Segmentation has become a key component of the Zero Trust model.
Trust nothing inside or outside your perimeter, on, or off your network
Verify everything – every user and every device – that tries to connect to your systems and applications
Assume breach and focus on preventing ransomware and bad actors from moving inside environments
This approach shifts the conversation to preventive containment, with a focus on preventing lateral movement between endpoints, between users and data center applications, and inside your data center and cloud environments.
Illumio delivers end-to-end Zero Trust microsegmentation from the data center and cloud to endpoints to stop the spread of ransomware and bad actors. Illumio protects against lateral movement across users, end-user devices, applications and workloads, network devices, servers, and other infrastructure.
Illumio Named a Leader in Two Forrester Wave™ Reports: Microsegmentation and Zero Trust
The Forrester New Wave™️:
Microsegmentation, Q1 2022
The Forrester Wave™ for Zero Trust eXtended Ecosystem Platform Providers, Q3 2020
Conversations on
mobilizing Zero Trust
Dr. Chase Cunningham, VP of Research and Principal Analyst at Forrester, joins Illumio CTO PJ Kirner to discuss strategies for getting started with Zero Trust.
Achieving effective Zero Trust for the new world
PJ and Chase return to discuss how Zero Trust priorities have evolved to address remote work environments
and ransomware.
Implementing Zero Trust models with Illumio
Data
Network
Workloads
People
Devices
Visibility & Analytics
Automation & Orchestration
Manageability & Usability
APIs
Future State of Infrastructure
Data
Network
Workloads
People
Devices
Visibility & Analytics
Automation & Orchestration
Manageability & Usability
APIs
Future State of Infrastructure
3 steps to achieve Zero Trust
-
Discover
A critical first step to a Zero Trust framework is to see how your users, devices and apps are connected by understanding what’s communicating and what shouldn’t be.
- Use a real-time map to see everything across your endpoints and application flows and identify high-value systems and critical applications.
- Map the connections of sensitive data across users, devices, networks, workloads, and applications to understand what should be allowed to communicate based on least privilege.
- Enable a single source of truth to facilitate collaboration and engage business and IT stakeholders in designing Zero Trust microperimeters and security policies.
-
Define
The next step towards Zero Trust security is to architect optimal microsegmentation controls with automated policy creation to reduce risk and deployment complexity.
- Define and automate the right level of Zero Trust segmentation controls (from environmental separation to process level) across endpoints and East-West traffic.
- Identify and map segmentation policies based on the exploitability of vulnerabilities and use segmentation as a compensating control when you can't patch.
- Visualize and test policies before enforcement to ensure you don’t break applications while provisioning security at birth in cloud-native applications.
-
Enforce
Enable default-deny policies that are decoupled from your network to enforce effective Zero Trust controls wherever your endpoints and workloads exist.
- Use an allowlist model to ensure that only authorized connections can take place across users, devices, networks, applications, and workload communications.
- Secure data in transit without requiring any changes or upgrade to the existing network infrastructure.
- Continuously monitor and adjust dynamic Zero Trust policies as your environment changes.
- Seamlessly integrate with third-party IT tools to orchestrate adaptive Zero Trust across your on-premises and multi-cloud environments to reduce security silos.
August 16, 2021
Read more
