DevOps Supply Chains and Zero Trust: A much-needed partnership

By Harish Kumar GS, Head of Sales, India and SAARC, Check Point Software Technologies

Zero Trust Network Access (ZTNA) is becoming a critical element of standardized security architecture. A ZTNA model “never trusts and always verifies.” When implemented, ZTNA limits access on an application-by-application basis, authenticates every device and user, no matter where they are located and acknowledges today’s complex networks and makes zero assumptions

Gartner® defines ZTNA as “products and services that create an identity- and context-based, logical-access boundary that encompasses an enterprise user and an internally hosted application or set of applications. The applications are hidden from discovery, and access is restricted via a trust broker to a collection of named entities. The broker verifies the identity, context and policy adherence of the specified participants before allowing access, and minimizes lateral movement elsewhere in the network[1].”

More than simply a VPN replacement, ZTNA ensures all users and devices—whether inside or outside the organization’s network—are authenticated, authorized, and continuously validated for security configuration and posture before being granted or maintaining access to applications and data.

ZTNA is seeing escalating growth and is forecast to grow 36% in 2022 and 31% in 2023, due to remote work and a resulting increased usage of VPNs which need protection, according to Gartner. Infact, Gartner predicts that by 2025, at least 70% of new remote access deployments will be served predominantly by ZTNA as opposed to VPN services, up from less than 10% at the end of 2021.

This need to adopt ZTNA is well understood by organisations here in India where according to IDC, over 54% of large enterprises in India are planning to implement SD-Branch and ZTNA as a part of a drive towards SASE adoption. With such a recognition of the value, organisations included DevOps teams are moving towards faster adoption.

However, building a DevOps supply chain requires thought and effort, and sometimes luck. Cyber security threats continue to increase as malicious actors become increasingly sophisticated, exposing businesses of all sizes. Today, it can be said with certainty that the only thing you can trust is distrust. But how do you protect your digital infrastructure when criminals just need one misconfiguration to paralyze your entire ecosystem?

That’s where the Zero-Trust principles come in. Applying Zero Trust means your DevOps supply chain security measures must begin before any code hits production and must be implemented at all points of the DevOps cycle – from code to cloud. This starts by establishing granular authentication and access policies, introducing automated tools for supply chain assurance, and performing in-depth security audits to identify weak points in the development pipeline.

These Zero Trust principles should then apply to the cloud to detect and remediate security risks early on in the development lifecycle, and you do this by shifting security left. This is done through rigorous scanning of all elements involved in the DevOps process, including the code, applications, container images, cloud environments, and other elements, to identify vulnerabilities and security risks. Additionally, ensuring you have applied the correct entitlements based on least privilege to all your cloud assets alleviates the risk of attacks. The key here is to make sure that securely is tightly coupled into CI/CD, frictionless for developers, and automated to help security operations.

Customers must keep a keen eye on their security to ensure Zero-Trust security measures are followed in the runtime environment. It is crucial to identify any potential risks, prioritize threats, and use prevention-first application security tactics to defend against zero-day attacks. Container security, which prevents malicious content and tracks image-level events, is another integral component. Finally, to keep pace with the threats posed in this ever-evolving digital world, threat detection and remediation tools must be employed to spot any potential threats and rapidly address them before they cause further harm.

Developing a DevOps Supply Chain on Zero-Trust principles is one of the best strategies companies can employ. It’s imperative for companies to deploy their services with security in mind, as a single misconfiguration in the code can have far-reaching consequences, like the crippling of an entire system.

And it doesn’t stop there; enterprises should take the time to educate their teams and customers on how to apply Zero-Trust principles. A well-informed team is one of the organization’s best resources and can help secure the entire system and improve customer experience.

A more secure infrastructure is possible with security software that can help drive this. For instance, Check Point Quantum SD-WAN offers branch offices unparalleled protection from the most imminent cyber threats without compromising on connectivity, with a 99.7% catch rate. Check Point Infinity Spark for SMB delivers industry-leading threat prevention with an integrated fast connectivity suite, including 5G and Wi-Fi 6 while Check Point CloudGuard CNAPP is a comprehensive cloud-native solution that unifies security, giving more context and smarter prevention across the application lifecycle. Finally, Check Point CloudGuard NSaaS merges web application protection with network security to pre-emptively block Log4J and other cyber-attacks.

Zero Trust will power the next decade of DevOps and organisations just need to step up to ensure they implement them to help protect their business.