Page 85 - Cyber Defense eMagazine January 2023
Trends Driving the Move to ZTA
The following factors are key in driving the trend for Zero Trust Architecture (ZTA):
1. Cyber attackers have become increasingly adept at penetrating networks and then moving laterally
once inside.
2. The traditional perimeter security model is becoming ineffective in the evolving enterprise.
3. More and more businesses, clients and customers are using the cloud and personal devices to access
internal networks, which blurs the boundaries between insiders and outsiders. Nowadays, the user is the
perimeter.
How Does Zero Trust Architecture Work?
Zero Trust Architecture (ZTA) assumes there’s no network edge - and that networks can be local,
cloud-based or a combination of both. It therefore requires a robust set of controls. ZTA delivers granular
perimeters and micro-segmentation that limit attackers' movement around internal networks - and in
doing so, reduces the ‘blast radius’ of an attack and the myriad potential threat vectors.
When a day doesn’t seem to go by without another news story of a high-profile cyberattack, ZTA is
looking increasingly like a company’s first line of defence. (Just last month, Cisco reported they’d had
their corporate network breached via an employee’s VPN - which, thanks to their security team, was
contained in time.)
ZTA also enhances an organization’s security by leveraging additional data to drive security
decision-making around risks, threats, security posture and identity attributes.
What Changes with ZTA that Affects Information Security Management?
Traditional infosec management approaches are network-focused and include ISO 27001/27002, CIS
Top 20 Critical Security Controls, and The Open Group's O-ISM5.
Meanwhile, ZTA is asset- and data-centric, and has a greater focus on authentication, with more security
controls aimed at authentication, devices, apps, APIs, micro-segmentation - and the data itself (applying
encryption, for example).
With ZTA in place, there is also less need for bolt-on security systems, traditionally used to secure
networks, while categories of security solutions - such as Network Access Control and IDS/IPS - must be
either re-engineered to fit the new model or dropped altogether. There are also fewer point solution boxes
to manage.