IT security Predictions for 2019 – Verifying Trust

Wednesday, December 19, 2018

Scott Gordon

4238fc46fe869de66700ec14d6738248

Making predictions in the information security space is always an interesting yet challenging task. The very nature of cybersecurity, with the velocity of vulnerabilities and new threat actor coalitions along with the shifting regulatory environment, requires organisations to stay vigilant and informed.

Although we are at a point where new technologies such as AI and ML are grabbing a lot of the attention, a major change for 2019 onwards is focused on the bigger picture issue of trust.

Although the concept of Zero Trust and its becoming the de-facto model for security controls has gained acceptance, the next 24 months will see it accelerate into architectural best practices. 

Zero Trust moves away from the traditional perimeter-based architecture that assumed that anybody inside or getting remote access to the internal corporate network was trusted. With the rise of hybrid IT and the dynamic nature of provisioning apps, resources and users, the risks of unauthorized and insecure access exponentially increases. As such, the conventional perimeter defence is more limiting in terms of ensuring adequate visibility, consistent policy, and protected access. Getting a perimeter approach wrong can cause frustration for users, increase shadow IT, and leave potential gaps in defences that attackers can exploit.

Zero Trust works on the principle of “never trust, always verify.” With this method, organizations can dynamically establish secure connectivity and compliant access between the users, devices and the targeted resource and applications using a least-privileged security strategy. In this approach, access is granted based on satisfying pre- and post-connect policy associated with user and device authentication and security state verification. By adding micro-segmentation one can further limit unauthorized means to discover and exploit resources.

Zero Trust can be applied to perimeter-based access security architectures, and is at the core of the emerging architecture of software-defined perimeter (SDP). SDP solutions assume no trust and require different users, devices, applications or classes of information to be associated with a spectrum of trust levels that is established, by policy, in order to grant access with higher granularity and greater efficiency. With SDP, all entities and their security states are continuously verified by a controller within the control plane, and based on policy, communicates with entities to dynamically establish secure connections directly between source and destination through a data plane.

Through SDP, the perimeter becomes essentially elastic from users and devices to requested applications and resources no matter where they reside. That being said, given the massive existing investment in perimeter defences and the ongoing migration of applications to the cloud will require secure access architecture accounting for both conventional firewalls and VPN defences, as well as SDP.

With moves towards Hybrid IT adoption showing no signs of slowing down, 2019 will be the year when Zero Trust and Software Defined Perimeter take shape!

About the author: Scott Gordon is the chief marketing officer at Pulse Secure, responsible for global marketing strategy, communications, operations, channel and sales enablement. He possesses over 20 years’ experience contributing to security management, network, endpoint and data security, and risk assessment technologies at innovative startups and large organizations across SaaS, hardware and enterprise software platforms.

Possibly Related Articles:
30461
Infosec Island Enterprise Security Security Training
Information Security Security Architecture Zero Trust Hybrid IT
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.

Most Liked