#HowTo Support a Zero Trust Model with Automation

Recent history has shown that cybersecurity threats closer to home, such as surreptitious breaches that lie dormant for weeks, or even months, pose as significant a threat to organizations than external breaches. However, this is at odds with the traditional cybersecurity model, whose focus has always been on assessing and addressing external threats. It’s no surprise that organizations are now looking to facilitate a new approach.

This is why the Zero Trust model is finally gaining acceptance as an effective architecture for enterprise security. A Zero Trust architecture encourages CISOs and their teams to adopt a completely new mindset, by giving them the tools to conduct a thorough risk analysis of what is happening inside and outside the corporate perimeter.

Zero Trust rests on regulating access to enterprise data and systems, which means that it dramatically cuts the risk of an internal breach. However, regulating privileges with such a degree of granularity means a Zero Trust architecture is a highly complex operation spanning enterprise data centers, private and public clouds, and a growing number of edge connections.

For such a complex model to succeed, Zero Trust needs a framework that gives security operations teams the confidence to manage the scale and complexity of the IT and cloud environments that they oversee.

Security operations can use it to apply the same level of risk to both internal and external connections to qualify threats, monitor them and minimize their impact.

The rise of security automation

To understand how security operations can master Zero Trust, we need to start by acknowledging that enterprise security traditionally hasn’t been a homogenous discipline, but has been made up of multi-vendor solutions run by disparate and often siloed teams. 

This is slowly changing. The emergent paradigm that’s now coming into play is one defined by automated processes and workflows that encourage a more open culture of collaboration. This helps security operations teams forge closer links with ITOps and NetOps colleagues, helping to create a more seamless, fluid and ultimately secure environment.

This is because automation allows security organizations to adopt an open framework that is based on a universal and easily accessible programmable language, which allows teams from different domains to communicate with each other, share critical information and grant access to various systems and applications.

If paired with the appropriate management layer, this model is ideal for professionals managing complex environments, comprising solutions from multiple vendors. Having a better understanding of each other’s roles and responsibilities actively encourages security and IT teams to cooperate and work together as a unit. Such seamless integration between security functions is a crucial prerequisite for making Zero Trust work.

Automation Zeroes In

Zero Trust security architectures are underpinned by a segmented environment that limits the movements of attackers, isolating them and reducing their impact. In a Zero Trust environment all users, devices and applications are assigned a profile, based on techniques like digital identity, device health verification and application validation. They are then granted restricted access based on their profile. This prevents attackers from moving around freely, but it is also a precise and methodical process that provides and maintains genuine users and resources access, as and when required.

Enforcing granular permissions based on the profile of the user or digital asset is a complex process. Automation provides the means to perform these actions programmatically and at scale. It also ensures that new technologies and solutions can be constantly added either to support, or replace, existing systems to ensure actions are performed in line with Zero Trust policies.

Faced with a backdrop of emergent threats and an enterprise environment that is constantly evolving, automation provides the means to adapt quickly. Policies can be rewritten, while systems and processes can be reconfigured to deal with sudden changes or requests. This can be done at a micro level, dealing with very specific issues, or on a broader macro level, dealing with enterprise-wide issues.

An efficient automation platform allows security teams to coordinate multiple technologies, ecosystems and vendor solutions, across on premises and cloud environments. It helps to streamline processes and drive efficiencies. It supports the Zero Trust model as it allows organizations to prototype, enforce and eventually update their security policy framework, no matter how big or complex that framework happens to be.

Zero Trust allows enterprises to develop a security strategy from the inside out, but it requires careful planning, execution and continuous management. Security automation helps security operations and IT teams to collaborate and form a shared security practice while managing the scale and complexity of the infrastructure they have to protect and manage. 

Between them they can throw a protective layer across distributed cloud and IT infrastructures. Using automation, they can share processes and information to quickly identify, diagnose and neutralize issues before they escalate. CISOs can also make informed decisions about the investments they should be making and the solutions they should be adopting to respond to business needs, and deal with current and future threats.

What’s Hot on Infosecurity Magazine?