Page 194 - Cyber Defense eMagazine August 2024
There’s a way out of this breach nightmare, but it will require a new cybersecurity paradigm. This will require eliminating secrets, enforcing zero trust, enforcing the principle of least privilege, and hardening access with identity security and centralized policy governance.
Modern infrastructure is a lot more complex than it used to be
But first, how did we get here? Well, engineering infrastructure evolved. A few decades ago, you might have had a handful of layers in a company’s technology stack. It was easy enough to standardize the security model for each of those layers.
That’s not the case in today’s cloud-heavy environment of plentiful ephemeral resources. The modern-day 'stack' includes many disparate technology layers—from physical and virtual servers to containers, Kubernetes clusters, DevOps dashboards, IoT, mobile platforms, cloud provider accounts, and, more recently, large language models for GenAI.
This has created the perfect storm for threat actors, who are targeting the access and identity silos that significantly broaden the attack surface. The sheer volume of weekly breaches reported in the press underscores the importance of protecting the whole stack with Zero Trust principles. Too often, we see bad actors exploiting some long-lived, stale privilege that allows them to persist on a network and pivot to the part of a company’s infrastructure that houses the most sensitive data.
Zero Trust enforcement should now extend to applications and workloads
For a brief history lesson, the traditional security model before Zero Trust was about the perimeter: protecting internal applications and data with an external access point like a VPN. Authenticating via that VPN would grant access to whatever was inside, with no further authentication needed. From a malicious actor’s perspective, breaching this perimeter by exploiting a static credential or stale privilege would grant access to other resources on the network.
Zero Trust was the answer to creating a ‘perimeter-less’ environment where ‘everything requires authentication’ (i.e. ‘never trust, always verify’). Instead of authenticating to the network, you authenticate each time you access a resource.
When the pandemic arrived, Zero Trust deployment focused heavily on solving network authentication. Most companies realized that VPNs weren’t designed for large numbers of remote workers. The question was, ‘How do we get our employees set up on the network if these VPNs only work within the office?’ While plenty of companies have figured out how to authenticate users and enforce Zero Trust at the network level in the last few years, they haven’t done so at the application and workload layer. They therefore haven’t solved the more comprehensive challenge of enforcing a fully Zero Trust architecture for their cloud and data center operations.
To end rampant breaches, companies must now extend Zero Trust enforcement to applications and workloads. Companies need to transition to a mindset of constantly asking, “Does this person have
Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.