Page 45 - Cyber Defense eMagazine Special RSA Conference Annual Edition for 2022
Why Zero Trust is Easier Said Than Done
By John Vecchi, CMO, Anitian
Zero trust security has made its way into the offerings of most enterprise security companies while
becoming a critical modern architecture adopted by the Department of Defense (DoD) and the
federal government. However, many organizations today have built their information security programs
around more traditional security technologies and methodologies. Moving to — and modernizing for —
zero trust security is not as simple as adopting a single point technology or running a single scan. Here’s
why.
Comparing Zero Trust to Traditional Approaches
If we contrast a modern, zero trust approach with traditional, legacy security approaches, it’s
understandable why the National Security Agency (NSA), Department of Defense (DoD), Defense
Industrial Base (DIB), and the Biden Administration’s Executive Order on Cybersecurity are all mandating
Zero Trust Architectures (ZTA).
Yesterday’s legacy security strategy was built around a more traditional “internal trust” approach. The
idea is that once inside the trusted zone, applications and systems can freely communicate. Access to
the internal trusted zone is granted by passing users through a principal perimeter defense – in most
cases a next-generation firewall. This makes it easier for attackers, as once they’ve stolen legitimate
credentials or found other methods to bypass the perimeter defense, they can gain full access to the