The enterprise cloud has transformed how both startups and established businesses operate. Fewer companies have realised what that change implies: the traditional enterprise network, and the firewalls that protected its perimeter, are outdated and have themselves become a security risk.
Today, the enterprise “network” is mobile, accessed by many users from many devices, and much of what it serves is delivered from the cloud, bypassing the traditional network perimeter entirely.
Firewalls, long the standard for protecting data, have become porous: attackers are far more likely to go around them than through them. In a mobile, multi-device environment this thin barrier cannot slow enterprise cloud threats, let alone stop them.
Firewalls began as policy-driven access-control mechanisms, filtering on addresses and ports, with no ability to detect malicious activity. Most of the “security” features later added to them are bolt-ons, constrained by the throughput demands of sitting inline in the traffic path.
The network perimeter has dissolved as employees and businesses have become more agile. Enterprises that want the strongest protection for IT and data in this multi-user, multi-device cloud environment must adopt security measures that analyse activity continually and that have the elasticity only software typically offers.
Enterprises need a continuous trust model based on the observed activity of both the device and the user, not on their ability to pass through perimeter protection and reach the network. Authentication at a single point in time is not enough. There is no reason to check identity only once when you can continuously monitor and validate behaviour over time, throughout the lifecycle of the current access attempt and the usage that follows.
Working with early technology adopters and forward-thinking enterprises, I realised that the push to be more agile and flexible raised a vital question: how can an enterprise securely enable data access for users who predominantly, or increasingly, access data from anywhere? This was as true of companies running legacy networks as of early-stage startups relying solely on the cloud.
It is not feasible to surround the cloud or cloud services with security hardware. There is no longer a hardware-based model, firewall appliance, or defined boundary to draw around a secure network. You have hardware on premises, data centres in the cloud, and users accessing both. It is a security nightmare.
The answer to this conundrum is software that is flexible yet has well-defined parameters. A secure cloud enterprise solution lets you define your network however you need to, and gives you visibility into both the device accessing the data and the user behind it. That way you can tell whether the machine accessing the enterprise cloud is compromised, and whether the user is actually who they claim to be.
Combine these models and you get security software that is fully elastic and that establishes trust, and grants access to data, on the basis of how users behave and which devices they use.
This is the essence of “zero trust”. You do not assume a device or user may access information merely because they are on the network or have cleared a password or fingerprint check. Access is driven by each user's individual needs, and trust is established from both the device and the person.
Orchestrating this model in the traditional way requires an almost endless number of policies. It is cumbersome and burdensome: you must monitor user behaviour, build a profile and a baseline for each user, use that baseline to assign access, and segment off everything that profile should not be able to reach.
This is why applying AI to behavioural baselining is vital. It allows security to operate in real time across the vast numbers of users, devices, and data in both the managed cloud environment and the unmanaged one. Coupling visibility into device activity, including every inbound and outbound network connection, with machine learning lets us scale, identify, and profile any activity on the corporate network. It lets us learn and establish baselines, and understand what normal looks like, without writing a single policy, instead of years of complexity and unmanageable policies spread across siloed products. One caveat a practitioner should keep in mind: a baseline is only as trustworthy as the period it was learned from, so the learning window needs review, and an anomaly is a signal to investigate or step up authentication, not proof of compromise.
Efficiently establishing a baseline of user behaviour and then monitoring for anomalies lets these “transparent” policies be enforced through automation. Access can then be granted or revoked on the basis of observed behaviour far more accurately across the enterprise cloud network. When a deviation from the norm is detected, you can simply observe the anomaly, or build in proactive automated responses to deflect or prevent a potential violation.
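To make the continuous trust model and the baseline-then-anomaly loop concrete, here is an added example; it is not code from the original article and not SentinelOne's product logic. A simple per-user statistical baseline (seen destinations, working hours, known devices, outbound volume) stands in for the machine-learning baselining the article describes. The connection records, user names, hostnames and the `device_healthy` posture flag are all constructed for illustration. What it shows is the shape of the decision: identity plus device posture plus observed behaviour, re-evaluated on every access rather than once at login, with three outcomes (allow, step-up, deny) so that a deviation triggers re-authentication rather than an outright block unless the evidence is strong.

```python
"""Continuous, behaviour-based access decisions (added example, not the article's code)."""
from __future__ import annotations

from collections import Counter
from dataclasses import dataclass, field
from statistics import mean, pstdev


@dataclass(frozen=True)
class Event:
    user: str
    device: str           # device identifier (assumed: reported by an endpoint agent)
    dest: str             # service or host being accessed
    hour: int             # local hour of day, 0-23
    bytes_out: int        # outbound bytes for this access
    device_healthy: bool  # posture signal from the endpoint agent (assumed)


@dataclass
class Baseline:
    """What 'normal' looks like for one user, learned from history, not written as policy."""
    dests: Counter = field(default_factory=Counter)
    hours: Counter = field(default_factory=Counter)
    devices: Counter = field(default_factory=Counter)
    bytes_samples: list = field(default_factory=list)

    def learn(self, ev: Event) -> None:
        self.dests[ev.dest] += 1
        self.hours[ev.hour] += 1
        self.devices[ev.device] += 1
        self.bytes_samples.append(ev.bytes_out)


def build_baselines(history: list[Event]) -> dict[str, Baseline]:
    """Learn one baseline per user from observed events."""
    baselines: dict[str, Baseline] = {}
    for ev in history:
        baselines.setdefault(ev.user, Baseline()).learn(ev)
    return baselines


def score(b: Baseline, ev: Event) -> tuple[int, list[str]]:
    """Weighted deviations from the user's baseline; 0 means the access looks normal."""
    checks = [
        (ev.dest not in b.dests, 2, f"new destination {ev.dest}"),
        (ev.hour not in b.hours, 1, f"unusual hour {ev.hour:02d}:00"),
        (ev.device not in b.devices, 2, f"unseen device {ev.device}"),
    ]
    if len(b.bytes_samples) >= 2 and pstdev(b.bytes_samples) > 0:
        z = (ev.bytes_out - mean(b.bytes_samples)) / pstdev(b.bytes_samples)
        checks.append((abs(z) > 3, 3, f"volume z-score {z:.1f}"))  # far outside normal volume
    points = sum(w for hit, w, _ in checks if hit)
    reasons = [r for hit, _, r in checks if hit]
    return points, reasons


def decide(baselines: dict[str, Baseline], ev: Event) -> tuple[str, list[str]]:
    """One access decision: allow / step-up (re-authenticate) / deny."""
    if not ev.device_healthy:  # compromised device: deny regardless of who is logged in
        return "deny", ["device posture failed"]
    b = baselines.get(ev.user)
    if b is None:  # no history yet: never silently trust, but do not hard-block either
        return "step-up", ["no baseline for user"]
    points, reasons = score(b, ev)
    if points == 0:
        return "allow", reasons
    return ("step-up" if points < 4 else "deny"), reasons


def monitor_session(baselines: dict[str, Baseline], events: list[Event]) -> list[str]:
    """Continuous trust: re-decide on every access and cut the session at the first deny."""
    decisions = []
    for ev in events:
        verdict, _ = decide(baselines, ev)
        decisions.append(verdict)
        if verdict == "deny":
            break
    return decisions


# Constructed history: alice works 09:00-16:00 from lap-01 against two internal services.
HISTORY = [
    Event("alice", "lap-01", ("crm.internal", "mail.internal")[i % 2],
          9 + i % 8, 100_000 + 5_000 * (i % 5), True)
    for i in range(16)
]
BASELINES = build_baselines(HISTORY)

# Constructed access requests to evaluate against that baseline.
NORMAL   = Event("alice", "lap-01", "crm.internal", 10, 105_000, True)
ODD_HOUR = Event("alice", "lap-01", "fileshare.internal", 3, 110_000, True)
EXFIL    = Event("alice", "unknown-77", "crm.internal", 11, 2_000_000, True)
SICK_DEV = Event("alice", "lap-01", "mail.internal", 10, 100_000, False)
STRANGER = Event("mallory", "lap-01", "crm.internal", 10, 100_000, True)

if __name__ == "__main__":
    for ev in (NORMAL, ODD_HOUR, EXFIL, SICK_DEV, STRANGER):
        print(ev.user, ev.device, ev.dest, "->", decide(BASELINES, ev))
    print(monitor_session(BASELINES, [NORMAL, NORMAL, EXFIL, NORMAL]))
```

The weights and the z-score cut-off are arbitrary illustration values; a real deployment would learn them. Note the asymmetry a practitioner wants: an unhealthy device is denied outright, an unknown user or a mild deviation is pushed to re-authentication, and only a strong combination of anomalies (unseen device plus abnormal volume) ends the session automatically.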
Moving to this model can be a challenge for traditional enterprises and startups alike if it is not done correctly. It must be a gradual, natural evolution: you cannot rip out the network firewall and leave a security vacuum. Software-enabled zero trust in the cloud is most secure when deployed alongside current controls such as firewalls. Eventually, this logical network, decoupled from the physical hardware layer and its constraints, will work so well in the enterprise cloud that investment in firewalls is likely to diminish.
There is another major benefit of software-based security: it suits the enterprise cloud and can also protect data centres. Without a genuine software-based security model, it is nearly impossible to manage both the cloud network and the server side of the network with a single approach.
A solution that mitigates risk in the cloud must also be cross-platform, so that it can operate on any device and with any network vendor. The old network that a firewall could protect will soon be a relic of a different era of enterprise computing.
Those who do not act early to begin the crossover from the old model to the cloud enterprise and zero trust are taking a risky gamble.
There is a lot to unpack and numerous potential repercussions when it comes to creating a secure enterprise cloud network. This is just a sample of the experience and expertise I want to share to make sure businesses are ready to enable zero trust security.
Tomer Weingarten, CEO and Co-founder, SentinelOne