InfoSec Insider

4 Key Questions for Zero-Trust Success

Anurag Kahol, CTO & co-founder at Bitglass, offers tips for avoiding implementation pitfalls for zero trust.

Historically, securing remote access was primarily done using VPNs. However, as enterprises have begun to understand the principles of zero trust, which states that no user may access any data source without first being authenticated, VPNs are proving to be insufficient.

The demand for secure remote access to on-premises resources has been steadily rising for years. However, this need was famously accelerated by the shift to remote work amid the pandemic. Although enterprises have moved more data to the cloud as they seek to embrace various digital transformation initiatives and enable remote work, the need for on-premises resources has persisted, and employees still need secure remote access to this data.


As companies seek to implement a zero-trust network access (ZTNA) solution, there are important considerations that need to be made to avoid common pitfalls, in areas such as performance, data loss protection (DLP), advanced threat protection (ATP), visibility and reporting.

How to Avoid Zero-Trust Security Pitfalls

When comparing ZTNA options, organizations should ask the following four key questions to ensure that their approach is capable of addressing their security needs:

1. Can It Keep Up with Today’s Hybrid Work Environment?

Performance is crucial when it comes to selecting the right ZTNA solution. The workplace has come a long way since the early days of the pandemic, when many organizations invested heavily in scaling their VPN capacity to accommodate remote work. The extent to which this technology was expanded is likely no longer necessary now that many workplaces have transitioned to a hybrid environment.

On-premises appliance-based VPNs place the burden of provisioning and scaling in the hands of the consuming organization. To limit the risk that causes, companies should seek out a ZTNA solution that allows the infrastructure required to operate to be hosted by the solution provider in the public cloud.

Looking for a public, cloud-hosted solution is a start, but it’s not the only performance component to consider. Security teams must also carefully vet the solution to ensure its responsiveness and reliability are up to par with the needs of the business. To do this, organizations should evaluate it against their typical user base (which should include users in various locations worldwide), and check for any potential added latency. The right solution will be able to adjust to peaks in usage regardless of the location of each user, and have a certifiable record of consistent high availability.

2. Will It Identify & Prevent Unwanted Exposure in Real Time?

Organizations need a solution that does more than just alert them after an incident has already occurred. Instead, it must deliver real-time enforcement to avoid data loss. Preventing the disclosure of sensitive information has been one of the many challenges security teams have faced amid the shift to remote work environments and the resulting spike in the use of unmanaged personal devices.

That’s why it’s crucial to factor in the technology’s ability to successfully enforce DLP policies for the download and upload (if necessary) of on-premises assets when selecting a ZTNA solution.

To facilitate zero-trust rules throughout the organization’s IT infrastructure, it’s important for security teams to ensure the solution can get granular, and is configurable according to factors such as location, user type and other elements of identity.

3. ATP: Can It Stop Malware in Real Time?

ATP is another essential component of a ZTNA solution. Malware can easily be uploaded within documents without the employee being aware of it, and it can spread to other devices and users through downloads. Once this happens, if the right technology isn’t in place, the threat actors can move laterally through the organization. That is why it’s important for a ZTNA solution to thwart the upload, download and circulation of malware in real time.

ATP is particularly relevant now due to its ability to protect remote employees using personal, unmanaged devices that the company cannot install security software on. For these individuals, it is beneficial for the ZTNA solution to be able to stop the upload and download of malware without needing software to be installed on users’ devices.

4. Can It Help with Regulatory Compliance?

Finally, organizations should seek out a ZTNA solution that delivers real-time visibility and control to assist them in demonstrating regulatory compliance. Reporting capabilities should include thorough logs that specify all file, user and app activity (including device type, IP address, location and time of access), for both managed and unmanaged devices.

Selecting a solution that enables simple SIEM integration and exportable logs will also extend visibility to additional parts of the network within the company.
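To make the granular policy described under question 2 and the audit fields listed under question 4 concrete, here is an added example (not Bitglass code and not any product's API): a small attribute-based policy engine of the kind a ZTNA broker applies to every request, which defaults to deny, checks authentication before any data-aware rule, and emits one flat JSON record per decision with the user, app, file, device type, IP, location and time fields a compliance report or SIEM export would need. The roles, apps, allowed upload regions and sample requests are constructed for illustration, and the `role`, `location` and `file_sensitive` attributes are assumed to come from an identity provider, geo-IP lookup and DLP classifier respectively.

```python
"""Added example: default-deny ZTNA policy evaluation plus SIEM-ready audit lines.
All rules, apps, roles and sample requests below are constructed, not vendor code."""
import json
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Callable, Dict, List, Optional, Set


@dataclass(frozen=True)
class AccessRequest:
    user: str
    role: str              # identity attribute from the IdP (assumed available)
    authenticated: bool    # session identity verified before any access
    device_managed: bool   # corporate-managed device vs. personal/unmanaged
    location: str          # ISO country code from geo-IP (assumed available)
    ip: str
    app: str               # on-premises application being accessed
    action: str            # "download" or "upload"
    file_name: str
    file_sensitive: bool   # verdict of DLP content classification (assumed)


@dataclass(frozen=True)
class Decision:
    allow: bool
    reason: str


# Which roles may reach which on-premises app; an app or role absent here is denied.
APP_ROLES: Dict[str, Set[str]] = {
    "finance-erp": {"finance"},
    "hr-portal": {"hr", "finance"},
    "wiki": {"finance", "hr", "contractor"},
}
UPLOAD_LOCATIONS: Set[str] = {"US", "GB", "DE"}   # constructed policy value

DenyRule = Callable[[AccessRequest], Optional[str]]  # returns a deny reason or None


def unauthenticated(r: AccessRequest) -> Optional[str]:
    return None if r.authenticated else "identity not authenticated"


def role_not_entitled(r: AccessRequest) -> Optional[str]:
    if r.role not in APP_ROLES.get(r.app, set()):
        return f"role {r.role} not entitled to {r.app}"
    return None


def sensitive_to_unmanaged(r: AccessRequest) -> Optional[str]:
    # DLP: sensitive files never land on a device the company cannot control.
    if r.action == "download" and r.file_sensitive and not r.device_managed:
        return "sensitive download to unmanaged device"
    return None


def upload_outside_region(r: AccessRequest) -> Optional[str]:
    if r.action == "upload" and r.location not in UPLOAD_LOCATIONS:
        return f"upload from disallowed location {r.location}"
    return None


# Order matters: identity is checked first, then entitlement, then data-aware rules.
DENY_RULES: List[DenyRule] = [
    unauthenticated, role_not_entitled, sensitive_to_unmanaged, upload_outside_region,
]


def evaluate(r: AccessRequest, rules: List[DenyRule] = DENY_RULES) -> Decision:
    """Default-deny: the request is allowed only if no rule objects."""
    for rule in rules:
        reason = rule(r)
        if reason is not None:
            return Decision(False, reason)
    return Decision(True, "all policy checks passed")


def audit_record(r: AccessRequest, d: Decision, when: datetime) -> Dict[str, str]:
    """One flat record per decision, covering managed and unmanaged devices alike."""
    return {
        "time": when.isoformat(),
        "user": r.user,
        "role": r.role,
        "app": r.app,
        "action": r.action,
        "file": r.file_name,
        "device_type": "managed" if r.device_managed else "unmanaged",
        "ip": r.ip,
        "location": r.location,
        "decision": "allow" if d.allow else "deny",
        "reason": d.reason,
    }


def audit_line(r: AccessRequest, d: Decision, when: Optional[datetime] = None) -> str:
    """JSON line ready for export to a SIEM; sorted keys keep the schema stable."""
    when = when or datetime.now(timezone.utc)
    return json.dumps(audit_record(r, d, when), sort_keys=True)


if __name__ == "__main__":
    samples = [  # constructed sample requests
        AccessRequest("alice", "finance", True, True, "US", "203.0.113.7", "finance-erp", "download", "q3-forecast.xlsx", True),
        AccessRequest("alice", "finance", True, False, "US", "198.51.100.9", "finance-erp", "download", "q3-forecast.xlsx", True),
        AccessRequest("bob", "contractor", True, False, "BR", "192.0.2.44", "finance-erp", "download", "ledger.csv", False),
        AccessRequest("carol", "hr", False, True, "GB", "203.0.113.8", "hr-portal", "upload", "cv.pdf", False),
        AccessRequest("dave", "hr", True, True, "IN", "203.0.113.9", "hr-portal", "upload", "cv.pdf", False),
    ]
    for s in samples:
        print(audit_line(s, evaluate(s)))
```

Every denial carries the first rule that objected, so the same record that enforces the policy in real time also explains the decision later; a real broker would fetch the `role`, `location` and `file_sensitive` inputs from live sources rather than trusting values supplied with the request.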

One Facet of a Comprehensive Platform

A strategic ZTNA investment means ensuring the chosen technology is part of a comprehensive platform, such as secure access service edge (SASE). SASE is a cybersecurity concept first described by Gartner in 2019 that consolidates what were traditionally disparate network and cloud services. This platform can secure every interaction between devices, apps, web destinations, on-premises resources and infrastructure using various security technologies in one unified, cloud-based platform.

Anurag Kahol is CTO & co-founder at Bitglass.
