Enforce a Zero Trust Security Model in Today’s Hostile Environment
As the world’s largest and most trusted cloud delivery platform, Akamai makes it easier for its customers to provide the best and most secure digital experiences on any device, anytime, anywhere. Akamai’s massively distributed platform is unparalleled in scale, with over 200,000 servers across 130 countries, giving customers superior performance and threat protection. Akamai’s portfolio of web and mobile performance, cloud security, enterprise access, and video delivery solutions is supported by exceptional customer service and 24/7 monitoring. To learn why the top financial institutions, e-commerce leaders, media & entertainment providers, and government organizations trust Akamai.
Companies of all types are pursuing digital transformation. The goal is to improve customer value, operate with greater efficiency and agility, and increase innovation. But as companies adopt new cloud and DevOps workflows to build their digital business, security has not kept pace. The proliferation of cloud applications and an increasingly mobile workforce have sharply reduced the effectiveness of the network perimeter. Applications, data, users, and devices are moving outside of the enterprise’s zone of control, fundamentally increasing the attack surface. As infrastructure becomes more permeable to enable new business models, cyber criminals are becoming more adroit, sophisticated, and incentivized to find ways to circumvent security measures. Traditional perimeter security was never designed for today’s reality. In the face of proliferating cyber attacks, and the breaches that follow, how can companies protect themselves? This white paper describes a security paradigm for today’s hostile environment: zero trust. Under this model, no user or device is trusted by default, and the environment is assumed to be hostile. Zero trust holds that there should be no trust distinction between internal and external networks: a request from the corporate LAN earns no more trust than one from the public internet. Every access request and device is verified on every request, with full logging and behavioral analytics. Additionally, this paper addresses why IT should look to cloud services to move away from perimeter security.
Digital Transformation Is Omnipresent
Significant digital transformation is now ubiquitous across the majority of industries. And the trend is accelerating. IDC Research predicts that global digital transformation investment will reach $2.2 trillion in 2019, an almost 60% increase from 2016 [1]. Companies are leveraging advanced cloud and network architectures to deliver new customer value while increasing operational efficiency, agility, and innovation. Digital transformation benefits consumers by allowing companies to offer digital products, better services, personalized interactions, and a superior customer experience. Employees take advantage of digital technologies to easily communicate and collaborate online, enhancing productivity and morale.
The Trusted Perimeter Is Dead
But while leveraging digital services brings many benefits, companies are seeing their attack surface grow in today’s increasingly hostile threat landscape. As a result, they need to rethink the fundamentals of perimeter security and the manner in which they protect their critical applications, data, and users. Digital transformation has a profound impact on the way companies deliver IT solutions, as well as on their threat exposure. Traditionally, users have interacted with applications in a trusted manner across private local area networks (LANs), wide area networks (WANs), or virtual private networks (VPNs). Companies adopted perimeter security, such as firewalls, VPNs, and network access control (NAC), to keep cyber criminals out of internal networks. Once inside the network, users were inherently trusted to go where they pleased. As companies undergo digital transformation, they are turning inside out. Applications increasingly reside in the cloud, outside of IT’s traditional zone
Traditional Perimeter Security Is Inadequate
With corporate applications, data, devices, and users moving outside the perimeter, and cyber threats moving inside, traditional perimeter security is no longer sufficient. Companies have long protected corporate networks using perimeter stacks, or DMZs, that include appliances for access control (VPN appliances, identity providers, single sign-on/multi-factor authentication, client-server), security (web application firewalls, data loss prevention, next-gen firewalls, secure web gateways), and application delivery and performance (load balancing and optimization). But these perimeter architectures were never designed to optimize the experience for users who access applications from a variety of locations. Nor were they designed for Software as a Service (SaaS) or applications hosted in the cloud. To compensate, IT departments often have to replicate these stacks for redundancy and high availability across multiple regions and data centers, increasing cost and complexity. As applications move to the cloud, companies no longer have the same control — traditional network security based on packets, ports, and protocols doesn’t work when companies don’t manage the full application environment and network. Companies will continue to run both on-premises and cloud applications for the foreseeable future. They will need to maintain a patchwork of access control and security solutions that may not play well together, and will have no central place to manage and control these technologies. Fragmented systems lead to increased risk and reduced visibility. To top it all off, the premise underlying perimeter security — that walls work — has become obsolete. Criminals often gain entry onto corporate networks by using legitimate usernames and passwords or installing malware that finds
Companies undergoing digital transformation need to provide employees, suppliers, consultants, and other partners with fast, easy, and safe access to applications that are behind the firewall, from any device, anywhere in the world. Traditional access technologies typically use a variety of hardware and software appliances to grant network access to any user who presents the proper credentials. However, breach studies consistently find that a large share of intrusions are carried out with valid user credentials that have been stolen or misused, and a perimeter check cannot tell a stolen password from a legitimate one. A zero trust security model therefore assumes that any user account or device may already be compromised: no request is trusted because of where it comes from, and each one must be verified on its own merits.
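The following is an added example, not code from this paper or from Akamai, that makes the contrast between the two models concrete. It places a perimeter-style check (valid password plus a source address inside the corporate range) beside a zero trust policy decision that verifies identity, multi-factor authentication, device posture and a simple behavioral baseline on every request, logs every decision, and records the source network only as context. The signing key, password directory, device inventory, location baseline and all requests are constructed for the example; the HMAC-signed token stands in for an identity-provider-issued token that a real deployment would verify against the IdP's public key.

```python
"""Perimeter check vs. zero trust per-request policy decision (added example).

Every identifier below (IDP_KEY, PASSWORDS, MANAGED_DEVICES, USER_BASELINE,
the sample requests) is constructed for illustration, not taken from Akamai.
"""
import base64
import binascii
import hashlib
import hmac
import ipaddress
import json
import time

IDP_KEY = b"example-signing-key-not-for-production"   # hypothetical IdP key
CORP_NET = ipaddress.ip_network("10.0.0.0/8")          # the "trusted" LAN
PASSWORDS = {"alice": "hunter2"}                        # plaintext only for the demo
MANAGED_DEVICES = {                                     # constructed device inventory
    "lt-0042": {"disk_encrypted": True, "patched": True},
    "lt-0099": {"disk_encrypted": True, "patched": False},
}
USER_BASELINE = {"alice": {"NL", "DE"}}                 # countries seen before per user
AUDIT_LOG = []                                          # every decision, allow or deny


def _b64(raw):
    return base64.urlsafe_b64encode(raw).decode()


def issue_token(user, mfa, ttl=900, now=None):
    """Mint a minimal signed token {user, mfa, exp}; HMAC stands in for a real JWT."""
    now = time.time() if now is None else now
    body = json.dumps({"user": user, "mfa": mfa, "exp": int(now) + ttl},
                      sort_keys=True).encode()
    sig = hmac.new(IDP_KEY, body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(sig)


def verify_token(token, now=None):
    """Return the claims if the signature is valid and the token unexpired, else None."""
    now = time.time() if now is None else now
    try:
        body_s, sig_s = token.split(".")
        body = base64.urlsafe_b64decode(body_s.encode())
        sig = base64.urlsafe_b64decode(sig_s.encode())
    except (ValueError, binascii.Error):
        return None
    if not hmac.compare_digest(hmac.new(IDP_KEY, body, hashlib.sha256).digest(), sig):
        return None
    claims = json.loads(body)
    return claims if claims["exp"] > now else None


def perimeter_decision(user, password, source_ip):
    """Perimeter model: a valid password from inside the LAN is all it takes."""
    inside = ipaddress.ip_address(source_ip) in CORP_NET
    return inside and PASSWORDS.get(user) == password


def zero_trust_decision(token, device_id, source_ip, country, app, now=None):
    """Zero trust: verify identity, MFA, device posture and behaviour on every
    request.  The source network is logged as context but grants nothing."""
    reasons = []
    claims = verify_token(token, now)
    if claims is None:
        reasons.append("invalid or expired credential")
    else:
        if not claims["mfa"]:
            reasons.append("MFA not completed")
        if country not in USER_BASELINE.get(claims["user"], set()):
            reasons.append("location outside user's baseline; step-up required")
    device = MANAGED_DEVICES.get(device_id)
    if device is None:
        reasons.append("unmanaged device")
    elif not (device["disk_encrypted"] and device["patched"]):
        reasons.append("device posture non-compliant")
    allowed = not reasons
    AUDIT_LOG.append({                                  # full logging of every decision
        "ts": int(time.time() if now is None else now),
        "user": claims["user"] if claims else None,
        "device": device_id, "source_ip": source_ip, "country": country, "app": app,
        "inside_corp_net": ipaddress.ip_address(source_ip) in CORP_NET,
        "decision": "allow" if allowed else "deny", "reasons": reasons,
    })
    return allowed, reasons


def demo(now=1_700_000_000):
    """Constructed scenario: an attacker on the LAN holds Alice's stolen password."""
    r = {}
    # Perimeter: stolen password + inside address => allowed.
    r["perimeter_attacker"] = perimeter_decision("alice", "hunter2", "10.1.2.3")
    # Zero trust: the password-only token carries no MFA and the box is unmanaged,
    # so the same request is denied even though it comes from the corporate LAN.
    stolen = issue_token("alice", mfa=False, now=now)
    r["zt_attacker"] = zero_trust_decision(stolen, "unknown-box", "10.1.2.3", "NL", "payroll", now)[0]
    # Alice from a public network, MFA done, managed compliant device => allowed.
    good = issue_token("alice", mfa=True, now=now)
    r["zt_alice_remote"] = zero_trust_decision(good, "lt-0042", "203.0.113.9", "NL", "payroll", now)[0]
    # Same valid token from an unpatched device => denied, still logged.
    r["zt_alice_unpatched"] = zero_trust_decision(good, "lt-0099", "10.1.2.3", "NL", "payroll", now)[0]
    # Expired token => denied regardless of device or network.
    r["zt_expired"] = zero_trust_decision(good, "lt-0042", "203.0.113.9", "NL", "payroll", now + 3600)[0]
    return r


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'allow' if allowed else 'deny'}")
    print(json.dumps(AUDIT_LOG, indent=1))
```

The point of the scenario is the first two results: the perimeter check admits the attacker because the stolen password is valid and the request originates inside 10.0.0.0/8, while the zero trust check denies the identical request and records why, and it admits Alice from a public address once her identity, MFA and device posture all check out. The `inside_corp_net` field is written to the log purely for analytics; nothing in the decision reads it.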