Another way to promote security in the extended enterprise is to move from perimeter-focused network security solutions and policies—focusing on techniques to prevent bad actors from getting access to network resources—to zero trust, identity-focused security policies.
The zero trust model, established to promote the idea that an organization cannot automatically trust any endpoint, whether it originates inside or outside its perimeter, has its foundations in network segmentation. Improving on the network segmentation concept, zero trust's granularity and micro-segmentation enforce rules based on users, their locations and other factors to decide whether a user, endpoint or app should be trusted.
A zero trust network will not authenticate an endpoint unless it can determine that the endpoint's user, location and security status are valid.
Once endpoints authenticate, that specific connection is subject to a restrictive policy. The zero trust model operates much like the "need-to-know" basis used by the government, in which the network security solutions issue only the exact amount of access required for endpoints, users and apps. No more and no less.
Zero trust policies assume users and devices are not allowed access to any network resources unless they specifically prove their credentials. Remember, zero trust goes beyond users; a comprehensive zero trust policy would include people, devices, workloads, networks and data.
Perimeter-focused security policies operate much like a security guard at the entrance of an office building during the day to protect employees and assets from potential threats. While this certainly is a helpful first line of defense, it is unlikely the guard will catch every potential bad actor or vulnerability—particularly intentional threats or unintentional human error from within the organization.
On the other hand, zero trust network security solutions are similar to having an advanced facial recognition scan used to authorize access to a particular room or area of the office building. The use of identity-based security not only prevents unauthorized access but also creates a record of those who have gained access should any problems arise.
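To make the contrast concrete, the following is an added illustration (not code from the original text) of the two decision models described above: a perimeter check that trusts anything already on the internal network, beside a zero trust check that verifies the user, location and device status, grants only the exact action on the exact resource, and records every decision. The subnet, countries, users and grants are constructed sample values.

```python
from dataclasses import dataclass

# Constructed sample data for this example (not from the page).
TRUSTED_SUBNET = "10.0."           # "inside the perimeter" for the legacy check
ALLOWED_COUNTRIES = {"US", "DE"}   # locations the zero trust policy accepts

# Least-privilege grants: per user, per resource, the exact actions allowed.
GRANTS = {
    "alice": {"payroll-db": {"read"}},
    "bob":   {"payroll-db": {"read", "write"}, "hr-portal": {"read"}},
}

@dataclass
class Request:
    user: str
    source_ip: str
    country: str
    device_compliant: bool   # endpoint security status (patched, EDR running, ...)
    authenticated: bool      # credentials verified (MFA, certificate, ...)
    resource: str
    action: str

AUDIT_LOG = []   # record of who asked for what, and why it was allowed or denied

def perimeter_allows(req: Request) -> bool:
    """Legacy model: anything already on the internal network is trusted."""
    return req.source_ip.startswith(TRUSTED_SUBNET)

def zero_trust_allows(req: Request) -> bool:
    """Zero trust: verify user, location and security status, then permit only
    the exact action on the exact resource. Every decision is recorded."""
    reasons = []
    if not req.authenticated:
        reasons.append("not authenticated")
    if req.country not in ALLOWED_COUNTRIES:
        reasons.append("location not allowed")
    if not req.device_compliant:
        reasons.append("device non-compliant")
    if req.action not in GRANTS.get(req.user, {}).get(req.resource, set()):
        reasons.append("no grant for action on resource")
    allowed = not reasons
    AUDIT_LOG.append({"user": req.user, "resource": req.resource,
                      "action": req.action, "allowed": allowed, "reasons": reasons})
    return allowed

if __name__ == "__main__":
    # An insider on the trusted subnet, with a non-compliant laptop, asking to
    # write to a database they may only read: the perimeter lets it through,
    # the zero trust policy denies it and explains why.
    insider = Request("alice", "10.0.5.7", "US", False, True, "payroll-db", "write")
    print("perimeter:", perimeter_allows(insider), "zero trust:", zero_trust_allows(insider))
    print(AUDIT_LOG[-1])
```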
While perimeter-focused security solutions (firewalls, for example) will likely remain a first line of defense for many networks, organizations should also consider augmenting their network security strategies with zero trust policies to secure critical applications and resources.