Gigamon expert on Zero Trust in the time of COVID-19

In a world where the workplace is continuing to shift towards a ‘work anywhere’ model, moving towards a Zero Trust architecture simply makes sense. This is the message from Vijay Babber, Channel Manager at Gigamon Middle East, who tells us how organisations can embrace a Zero Trust strategy with a few key steps.

The COVID-19 pandemic forced companies to completely re-think their workplace. Work-from-home (WFH), which used to be a model mostly for remote employees or something granted as an exception, has very quickly become the norm across many large organisations, for all employees. And while we hope the pandemic will subside in the months to come, some of these changes in working habits may never go back to ‘how it used to be’.

This sudden and significant shift imposed a significant burden on IT and Infosec teams. Legacy approaches to IT have required a different infrastructure and a different security framework for employees accessing applications and services when on the ‘Intranet’ vs when on the ‘Internet’. One example of this is having a dedicated VPN infrastructure for remote employees.

With the sudden push towards WFH, this approach severely tested the limits of traditional IT and security frameworks not just in terms of scaling the infrastructure to accommodate the rapid shift towards WFH, but also in terms of the human resources needed to manage, monitor and secure the infrastructure, data and applications.

And while the impact of the pandemic is at once sobering and humbling, bad actors have not given up on what they have perhaps perceived as a huge opportunity to take advantage of a strained, tested and constrained Infosec team and infrastructure.

As an example, fake COVID-19 maps were being stood up that acted as a dropper for malware. Unsuspecting users who were seeking information on the spread of COVID-19 were enticed to download these maps, resulting in their systems being compromised. In many cases the end goal was credential theft, such as stealing usernames and passwords. These same users may then come in on the ‘Intranet’ and, with the implicit trust of being on the Intranet, gain access to systems that can then be easily compromised. Many other such schemes were being rapidly deployed by bad actors to take advantage of unsuspecting users and thinly stretched IT and Infosec teams.

In the face of this, the move towards a Zero Trust (ZT) Architecture takes on increasing importance. The basic premise of Zero Trust is to eliminate the implicit trust associated with locality of access, and to move the emphasis towards protecting assets rather than network segments, assets being users, devices and applications. In other words, Zero Trust assumes there is no implicit trust granted to assets solely based on their physical or network location.

The four key principles encompassing Zero Trust are:

  1. Identifying all assets and their access/communication patterns
  2. Authentication, authorisation and access control of all assets
  3. Encrypting all data flows regardless of network location
  4. Continuous monitoring of data flows and assets to detect changes, violations or anomalies

The end goal here is to have a unified security framework for all assets. In doing so, IT and Infosec teams can reduce the burden of dealing with different infrastructure for users on the ‘Intranet’ vs ‘Internet’, provide a unified experience to users independent of the locality of access and have one consistent framework for security. In a world where increasingly the workplace is shifting towards a ‘work anywhere’ model, moving towards a ZT architecture simply makes sense.

To be sure, moving towards a ZT architecture is not a quick end-goal, but rather a journey for most organisations. It is unfortunate that severe dislocations such as that caused by the COVID-19 virus may perhaps serve as a forcing function for organisations to embark on this journey.

Nonetheless it is one that most organisations can embrace with a few key steps:

  1. Map out your assets. Leverage non-intrusive techniques such as network metadata for visibility, along with host/endpoint based approaches.
  2. Discover and understand the asset communication flows and patterns. Once again, monitoring network traffic provides an excellent approach for gaining this insight. This is important in order to define the right access control policies; not understanding the flows can lead to disruption of the business.
  3. Implement authentication and access control policies based on the above discovery. For legacy devices and applications that can’t easily be authenticated, isolate them on different segments of the network and monitor and control all access to and from them.
  4. Set up a continuous monitoring strategy. Monitor network traffic, as well as log host/endpoint data. Use tools that can work off this data to analyse it and surface incidents and violations of the policy.
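The four steps above, carried through on flow metadata, as an added worked example that is not part of the article and not Gigamon's tooling; the addresses, services and flow records are constructed for illustration, and the functions are assumed names.

```python
from collections import defaultdict

# Constructed sample flow records: (source, destination, destination port, protocol).
# They stand in for the network metadata a visibility tool exports during discovery;
# every address and service here is invented for this example.
BASELINE_FLOWS = [
    ("10.0.1.10", "10.0.2.20", 443, "tcp"),   # user laptop -> internal web app
    ("10.0.1.11", "10.0.2.20", 443, "tcp"),   # second laptop -> same web app
    ("10.0.2.20", "10.0.3.30", 3306, "tcp"),  # web app -> database
    ("10.0.1.10", "10.0.9.53", 53, "udp"),    # laptop -> DNS resolver
    ("10.0.1.11", "10.0.9.53", 53, "udp"),
]

def inventory_assets(flows):
    """Step 1: every address seen as a source or destination is an asset to track."""
    return {addr for src, dst, _, _ in flows for addr in (src, dst)}

def discover_patterns(flows):
    """Step 2: map each service (dst, port, proto) to the set of sources using it."""
    patterns = defaultdict(set)
    for src, dst, port, proto in flows:
        patterns[(dst, port, proto)].add(src)
    return dict(patterns)

def build_policy(patterns):
    """Step 3: observed patterns become an explicit allowlist of flows.
    Anything not listed is denied, whatever segment the source sits on."""
    return {(src, dst, port, proto)
            for (dst, port, proto), sources in patterns.items()
            for src in sources}

def monitor(policy, known_assets, live_flows):
    """Step 4: compare live flows against the allowlist and the inventory.
    Returns (flow, reason) for each flow that should be surfaced as an incident."""
    findings = []
    for flow in live_flows:
        src, dst, _, _ = flow
        if src not in known_assets or dst not in known_assets:
            findings.append((flow, "unknown asset"))      # something new appeared
        elif flow not in policy:
            findings.append((flow, "policy violation"))   # known assets, unapproved path
    return findings

# Constructed live traffic: one approved flow, one violation, one unknown asset.
LIVE_FLOWS = [
    ("10.0.1.10", "10.0.2.20", 443, "tcp"),   # approved by the allowlist
    ("10.0.1.11", "10.0.3.30", 3306, "tcp"),  # laptop straight to the database
    ("10.0.1.99", "10.0.2.20", 443, "tcp"),   # host never seen during discovery
]

if __name__ == "__main__":
    assets = inventory_assets(BASELINE_FLOWS)
    policy = build_policy(discover_patterns(BASELINE_FLOWS))
    for flow, reason in monitor(policy, assets, LIVE_FLOWS):
        print(reason, flow)
```

Note that the laptop-to-database flow is flagged even though both hosts sit on the internal network, which is exactly the implicit trust the article says Zero Trust removes.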

Zero Trust is a journey that perhaps requires significant thought in terms of executing the above steps. Many organisations have in the past delayed this initiative. With the workplace being completely re-imagined due to the tragic disruption of the COVID-19 pandemic, the need to streamline and unify the security infrastructure of organisations has perhaps never been as urgent as it is now.
