
Zero Trust vs Defense in Depth

CIO Talk Network


For more information please visit https://www.ciotalknetwork.com/defense-in-depth-or-zero-trust-or-sase-what-does-it-all-mean-anyway/



What is Defense-in-Depth?


This is the idea that an organization can place technologies such as firewalls, intrusion detection/prevention systems (IDS/IPS), web proxies or secure web gateways, endpoint protection (antivirus), etc., between the attacker and the protected asset, so that redundant technologies defend the enterprise: should one layer of defense fail, another can pick up. Most people consider administrative controls such as organizational policy and processes to be part of the overall Defense-in-Depth model.


What is Zero Trust?


In concept, this one is simple to describe. This model of thinking assumes every connection within your enterprise is hostile. Threats are assumed to always exist within the enterprise. In this model you don’t use terms like "trusted network" or "trusted host". Every device and every user is authenticated. In short, this is a "verify, then trust" way of thinking rather than a "trust, but verify" one.


Think of it as asking for someone’s driver’s license to validate their identity while simultaneously verifying with the DMV that the driver’s license is in fact legitimate. The interesting thing about this architecture is that the components needed to establish this type of scrutiny of devices and people can be quite expensive, but most organizations probably already have a fair amount of the technology needed to establish the control plane for Zero Trust in place – I will explain this later.
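The driver's-license analogy above, as an added example that is not part of the original article: every request is checked against the credential itself, then against the issuer's current records, then against the device, and the source network is never consulted. All names and data are hypothetical and constructed, and an HMAC with a demo key stands in for a real signed token.

```python
import hashlib
import hmac
import time

# Constructed sample data: issuer signing key, issuer-side status, device inventory.
ISSUER_KEY = b"constructed-demo-key"
ISSUER_ACTIVE = {"alice": True, "bob": False}   # bob has been revoked at the issuer
ENROLLED_DEVICES = {"laptop-17"}

def _sign(claims):
    return hmac.new(ISSUER_KEY, claims.encode(), hashlib.sha256).hexdigest()

def issue(user, device, expires):
    """Issuer side: sign the claims (the DMV printing the license)."""
    claims = f"{user}|{device}|{expires}"
    return f"{claims}|{_sign(claims)}"

def authorize(credential, source_ip, now=None):
    """Return (allowed, reason). source_ip is accepted but never grants trust."""
    now = time.time() if now is None else now
    try:
        user, device, expires, sig = credential.split("|")
        expires = int(expires)
    except ValueError:
        return False, "malformed credential"
    # Step 1: the license itself looks genuine (signature and expiry).
    expected = _sign(f"{user}|{device}|{expires}")
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return False, "bad signature"
    if expires < now:
        return False, "expired"
    # Step 2: ask the issuer whether it is still valid right now.
    if not ISSUER_ACTIVE.get(user, False):
        return False, "revoked at issuer"
    # Step 3: the device is authenticated as well as the user.
    if device not in ENROLLED_DEVICES:
        return False, "unknown device"
    return True, "ok"

if __name__ == "__main__":
    # A revoked user on an "internal" address is still refused.
    print(authorize(issue("bob", "laptop-17", 2000), "10.0.0.5", now=1000))
    print(authorize(issue("alice", "laptop-17", 2000), "203.0.113.9", now=1000))
```
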


What is SASE (Secure Access Service Edge)?


This construct, published by Gartner in 2019, is an elegant way to describe not only the morphing of security architecture into a decentralized access control plane, but also how the ideas of both Defense-in-Depth and Zero Trust are evident throughout the description of the SASE architecture. SASE as a concept arranges defensive architecture so that it converges networking and network security into a single point of reference to support the needs of businesses moving to or operating exclusively in the cloud. This concept has been referenced a lot in the past year as a means to describe how an enterprise might be reshaped to better support the new work-from-home model that has evolved as a result of the global pandemic.


Role of Defense-in-Depth, Zero Trust and SASE


Now that we have some definitions on the table, I want to take a moment to let you know the good news: you are likely already on your way toward a well-defended enterprise, with layers of protection that do not trust anything connecting to it in the environment, and with a dynamic access edge that is shifting to support your workforce and customer demands. I can say this because Defense-in-Depth, Zero Trust, and SASE are concepts.


They exist to describe a complex combination of technical and administrative controls that are coalesced into your cybersecurity strategy. You likely already have layers of defensive technologies in place. You also likely have capabilities inherent to many of your products that either support or provide some level of multifactor authentication, which allows you to at least start implementing an Identity and Access Management program essential to establishing a Zero Trust control plane. You are also likely already conducting daily work processes through cloud-hosted services and accessing components of your enterprise from any device anywhere in the world.


In closing, I want to put forth the idea that we move our planning beyond focusing our efforts based on a singular concept or even concepts. Instead, describe your enterprise based on the analysis of your exposure to the most common and most likely threats to your specific organization, and what your current ability is to respond to these threats via policies, processes, plans, and technologies.


Look at how your enterprise services your employees and customers, and measure this against how the company plans to improve the customer experience and what that will require from the employees. After you have done this, the technology roadmap becomes apparent. You will know what technologies you need, and how they need to be arranged to mitigate risk and improve efficiency and access. Finally, when you have all of this evidence in front of you, the network can be logically depicted to show a Defense-in-Depth posture, with overlays that show where Zero Trust and SASE efforts sit, to describe how your enterprise is verified, accessed, and defended.
