Zero Trust Needs to Play Well with Others

Sep 27, 2021 | 5 mins
Zero Trust


Babysitters and teachers know how important it is for children to be able to play well with others. If the new kid in class turns out to be a bully who throws crayons at classmates, he’s going to be put in a time out or hustled off to the principal’s office to consider the error of his ways.

When you’re trying to add security into your network, you need to be equally aware of how well it’s going to work with what’s already there. You’ve probably read a lot about the zero-trust security model, but you might be wondering how it really works in practice. And will it even work in your situation at all?

The two biggest challenges in security are managing complexity and visibility. Many organizations have countless solutions that they are trying to get to play nice with one another. Every time you’re faced with a new edict to improve security, the inevitable question is whether the new solution is going to make a horrible mess and metaphorically have to be put in a time out. No one wants that.

Implementing zero-trust everywhere generally requires multiple solutions that deliver on the zero-trust principles of:

  • Ongoing verification of users and devices
  • Creating small zones of control
  • Granting minimal access to users and devices

But if you have products coming from multiple vendors with multiple dashboards and challenging integrations, you can easily end up with an incompatible mess that doesn’t work with the systems you already have.

Taking an Integrated Approach to Zero Trust

Solutions and products that are easily integrated by design are much simpler to deploy, configure, and maintain. That's why we've seen huge success with enterprises that roll out, for example, security, SD-WAN, and ZTNA integrated in a single platform. Instead of trying to cobble together a bunch of point products, taking a platform approach to zero trust significantly simplifies the situation. Not only does it make it possible for the products to work together; if you select a platform that has an open ecosystem with a wide variety of vendors, you can still have a mixture of solutions. Because they all can be integrated, they work well together.

You need to implement both zero-trust access (ZTA) and zero-trust network access (ZTNA) to identify and classify all of the users and devices that seek network and application access, assess their state of compliance with internal security policies, automatically assign them to zones of control, and continuously monitor them, both on and off the network.

The Components Needed for Zero Trust Security

The zero-trust model stipulates that organizations restrict user access to only the resources that are necessary for a given role and that they support the identification, monitoring, and control of networked devices. To support their journey to the cloud and work from anywhere trends, organizations need these components for zero trust security:

  • Network access control
  • Advanced endpoint telemetry and remote access
  • User identity management server
  • Two-factor authentication

Network Access Control

Maintaining continuous visibility and access control of devices on the network has historically been difficult. But with a network access control solution that supports agentless data collection, you can gain extensive visibility into everything on the network, including every device on or seeking access to the network.

Network access control can also be used for network microsegmentation. By integrating with next-generation firewalls (NGFWs), it can also enable intent-based segmentation, which bases segmentation on business objectives, such as compliance with data privacy laws.

Endpoint Telemetry and Remote Access

Zero trust needs to be extended to end-user devices, such as laptops and mobile phones. For user and device access to applications both on and off the network, you need a client agent that ensures endpoint visibility and compliance.

When end-user devices reconnect with the enterprise network, an agent can be used to share endpoint security telemetry data with the rest of the platform. This data includes the device operating system (OS) and applications, known vulnerabilities, patches, and security status. For ZTNA, the client agent provides the device posture check and the user identification as part of the verification process, as well as creating the encrypted tunnel from the device to the proxy point.

Identity Management

Authentication is one of the keys to zero trust security: authentication, authorization, and accounting (AAA) of users, combined with access management, single sign-on, and guest management services. User identity is established through logins, certificates, and multi-factor inputs, which are shared with role-based access control services to match an authenticated user to specific access rights and services, including cloud-based services (SaaS applications).
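The two preceding sections describe a ZTNA verification step that combines a device posture check (OS, patch state, known vulnerabilities, security status) with an authenticated identity that role-based access control maps to a zone of control, re-checked continuously. The following is an added example of such a policy decision point, not code from the original article or from any vendor's product. The roles, zone names, posture thresholds, and the 15-minute re-verification interval are assumptions chosen for illustration; the device and user records are constructed sample data.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import List, Optional

# --- Inputs the client agent and identity service would supply (constructed) ---

@dataclass
class DevicePosture:
    os_name: str
    os_version: str
    patch_age_days: int             # days since the last security patch was applied
    agent_running: bool             # endpoint security agent healthy
    disk_encrypted: bool
    known_vulns: List[str] = field(default_factory=list)  # unremediated findings

@dataclass
class UserIdentity:
    username: str
    role: str
    cert_valid: bool                # device/user certificate checked by the proxy
    mfa_verified: bool              # second factor completed for this session

@dataclass
class AccessDecision:
    allow: bool
    zone: Optional[str]             # single zone of control granted (least privilege)
    reasons: List[str]              # why access was denied (empty when allowed)
    reverify_at: Optional[datetime] # continuous verification: when posture is re-checked

# Role-based access control table (assumed values): each role reaches exactly one zone.
ROLE_ZONES = {
    "finance": "zone-finance",
    "engineering": "zone-dev",
    "contractor": "zone-guest",
}

# Minimum OS versions accepted by policy (assumed values).
MIN_OS_VERSION = {"Windows": (10, 0), "macOS": (12, 0), "Ubuntu": (20, 4)}
MAX_PATCH_AGE_DAYS = 30
REVERIFY_INTERVAL = timedelta(minutes=15)

def parse_version(version: str) -> tuple:
    """'10.0.19044' -> (10, 0); only major.minor matter for the policy."""
    return tuple(int(p) for p in version.split(".")[:2])

def check_posture(d: DevicePosture) -> List[str]:
    """Return the list of posture failures; an empty list means compliant."""
    problems = []
    min_ver = MIN_OS_VERSION.get(d.os_name)
    if min_ver is None:
        problems.append(f"unsupported OS {d.os_name}")
    elif parse_version(d.os_version) < min_ver:
        problems.append(f"{d.os_name} {d.os_version} below minimum version")
    if d.patch_age_days > MAX_PATCH_AGE_DAYS:
        problems.append(f"patches {d.patch_age_days} days old (max {MAX_PATCH_AGE_DAYS})")
    if not d.agent_running:
        problems.append("endpoint security agent not running")
    if not d.disk_encrypted:
        problems.append("disk not encrypted")
    if d.known_vulns:
        problems.append("unremediated vulnerabilities: " + ", ".join(d.known_vulns))
    return problems

def evaluate_access(user: UserIdentity, device: DevicePosture,
                    now: Optional[datetime] = None) -> AccessDecision:
    """Zero-trust decision: identity AND posture AND role must all pass."""
    now = now or datetime.now(timezone.utc)
    reasons = []
    # 1. Identity: certificate and second factor are both required, not either.
    if not user.cert_valid:
        reasons.append("certificate invalid or missing")
    if not user.mfa_verified:
        reasons.append("second factor not verified")
    # 2. Device posture, as reported by the client agent.
    reasons.extend(check_posture(device))
    # 3. RBAC: a role with no zone mapping gets nothing (default deny).
    zone = ROLE_ZONES.get(user.role)
    if zone is None:
        reasons.append(f"role {user.role!r} has no assigned zone")
    if reasons:
        return AccessDecision(False, None, reasons, None)
    # Grant one zone only, and schedule the next posture re-check.
    return AccessDecision(True, zone, [], now + REVERIFY_INTERVAL)

if __name__ == "__main__":
    # Constructed sample session.
    alice = UserIdentity("alice", "finance", cert_valid=True, mfa_verified=True)
    laptop = DevicePosture("Windows", "10.0", patch_age_days=5,
                           agent_running=True, disk_encrypted=True)
    print(evaluate_access(alice, laptop))
```

The decision is default-deny: every failed check is recorded so the proxy point can log why a session was refused, and an allowed session carries a `reverify_at` timestamp so the platform re-runs `check_posture` on fresh telemetry instead of trusting the initial admission for the life of the connection.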

Two-Factor Authentication

Two-factor authentication services are another aspect of zero trust security that can’t be ignored. Authentication can be performed either through a hardware token or an open authorization (OAuth)-compliant one-time password generator application.

Zero Trust Needs to Be Everywhere

It can seem daunting to get still more security integrated into an already challenging networking environment, but many organizations already have some elements of zero trust, such as restricting access to applications or multi-factor authentication. By improving what you have and adding more zero-trust capabilities over time, you can improve your overall security posture.

As you introduce elements of zero trust into your network, it’s important to select products that work and play well together. Choosing incompatible products that don’t use a platform approach increases the likelihood of security gaps. And a network made up of inherently incompatible solutions can be expensive and cumbersome to manage.

By assembling the necessary pieces of zero-trust security under the umbrella of a single platform, you can move forward with zero trust strategies that work no matter where your users, devices, or resources may be located.

Learn more about Zero Trust solutions from Fortinet that enable organizations to see and control all devices, users, and applications across the entire network.