ZERO TRUST ARCHITECTURE (ZTA) Modern work anywhere architecture without VPN


By VARINDIA - 2021-09-21

A broad security model that has been considered for implementation is modern cloud-native architecture for enterprise applications. The National Institute of Standards and Technology (NIST) fundamentally defines “Zero Trust” as having no trusted zones in the network and assuming attackers are present in your network. The Zero Trust (ZT) approach leverages continuous resource monitoring and dynamic risk evaluations to protect every individual asset/resource against a potential attacker within the network, hence “Zero Trust.”

 

The heart of Zero Trust Architecture (ZTA) is the Policy Engine (PE). The PE is ultimately the decision maker on granting or refusing access, using various datasets on a per-session basis. This allows organizations to move away from the user-id/password-based authentication and authorization model. Most enterprises will not implement a Policy Engine but buy one from a leading solution provider. The Policy Engine providers are actively innovating and providing interesting approaches to mitigate threats. However, the biggest hindrance has not been solution capability but the implementation and configuration of the architecture that best suits their needs. This leads to our clients asking how they go about enabling this “ZTA” in their organization.
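To make the per-session decision concrete, here is a minimal policy-engine sketch, added as an illustration and not taken from the article or from any vendor's product. The signal names, the sample policy table, the user groups and the risk thresholds are all assumptions chosen for the example.

```python
from dataclasses import dataclass

# All field names, policy values and thresholds are illustrative assumptions.

@dataclass(frozen=True)
class SessionContext:
    user: str
    credentials_valid: bool   # password/MFA check passed
    device_managed: bool      # from the asset inventory
    device_patched: bool      # from device posture data
    risk_score: float         # 0.0 (benign) .. 1.0 (hostile), from monitoring
    resource: str

# Per-resource requirements; a resource that is not listed is denied by default.
POLICY = {
    "wiki":    {"groups": {"staff", "finance"}, "managed": False, "max_risk": 0.7},
    "payroll": {"groups": {"finance"},          "managed": True,  "max_risk": 0.3},
}
GROUPS = {"alice": "finance", "bob": "staff"}  # constructed subject data


def decide(ctx: SessionContext) -> tuple[bool, str]:
    """Return (allow, reason) for one session; run again for every new session."""
    rule = POLICY.get(ctx.resource)
    if rule is None:
        return False, "no policy for resource (default deny)"
    if not ctx.credentials_valid:
        return False, "authentication failed"
    if GROUPS.get(ctx.user) not in rule["groups"]:
        return False, "subject not entitled to resource"
    if rule["managed"] and not (ctx.device_managed and ctx.device_patched):
        return False, "device posture below requirement"
    if ctx.risk_score > rule["max_risk"]:
        return False, "session risk above threshold"
    return True, "all checks passed"


if __name__ == "__main__":
    # Constructed sessions: same user and password, different outcomes.
    sessions = [
        SessionContext("alice", True, True, True, 0.1, "payroll"),
        SessionContext("alice", True, False, True, 0.1, "payroll"),  # unmanaged laptop
        SessionContext("alice", True, True, True, 0.6, "payroll"),   # anomalous activity
        SessionContext("bob", True, True, True, 0.1, "payroll"),
        SessionContext("alice", True, False, False, 0.5, "wiki"),
    ]
    for s in sessions:
        print(s.user, s.resource, decide(s))
```

Valid credentials are only one input here: the same user is allowed in one session and refused in the next when device posture or session risk changes.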

 

Approach for Transition to Zero Trust Architecture

 

The good news is that this does not mean you have to start building your organization's network and access policy from scratch; there are hybrid opportunities that can be leveraged. Every organization can follow a different approach to implementing Zero Trust Architecture, one that is ideal for its user flows and resource usage. The key to success in migrating to any ZTA-based implementation from a legacy flat network depends on multiple factors. Based on our research and industry experience, we have classified overall success factors into the following buckets: Right Initiation, Operational Success Factor and Executional Success Factor.

 

1. Right Initiation:

• Identify Resources: Business critical resources, where they reside and what data they contain.

• Transaction Flow: Map the transaction flow by identifying user-groups and resource access across all critical data source components.

• Use-Case Based Implementation: Identify the high impact use-cases that would primarily benefit from leveraging ZTA to drive targeted solutions.

• Device Management and Configuration: Review against forecasted growth and current capability management.

• Automate processes as much as possible: Establish strong pipeline requirements to drive network efficiencies and reliability for the user base.

 

2. Operational Success Factor:

 

• Buy-In from the Top: This is an enterprise-wide initiative and will require organization-wide support and interactions. Given the holistic nature of it across the enterprise, executive governance is an absolute must for success.

• Build an Inter-Disciplinary Team: The transition to ZTA will require network, enterprise asset management, domain services, risk, fraud, etc. – a cross-domain leadership team is needed.

• Establish Consistent Funding: Such a large transformational journey requires consistent funding over a two-/three-year timeframe for a gradual transition of the platform and applications.

 

3. Executional Success Factor:

 

• Self-Service Enablement: As the capabilities mature, the size and scale of such network transformation requires that individual application owners can self-service a large portion of ACLs and other access requirements. ZTA enablement must follow the same customer-first mindset. In this case, the customers are application developers and owners.

• Establish Common Implementation Patterns: Define well documented common patterns for enabling ZTA for common use-cases within the organization; for example Web/HTTPS based applications, device management, etc.

• Project categorization into Sub-Projects: Given the size and scale of such complex initiatives, it will require detailed planning that involves breaking overall ZTA migration projects into smaller milestones.

• Exception Scenario Planning: Issues will arise due to production failures and cyber-security implications. Having a well-established plan to deal with this will be critical and necessary to keep momentum in the program.

• Phased Roll-out: Large-scale transformation applies even more at such an intrinsic level. Do not onboard large/mission-critical applications. Don’t expect everything to go according to plan, and be open to changing or adapting your plan as your implementation proceeds.

• Long Tail Planning: Certain use-cases, such as legacy thick clients, NFS usage, etc., will require an extended timeline and changes to actual use-cases and business applications. It will require that the enterprise be committed to tackling these scenarios.

 

Why adopt Zero Trust Architecture (ZTA)?

 

• Reduced Risk of Cyber Security Breach: Increasing the cyber-security paradigm for the overall organization by fine-grained network access control.

• Remote Working: ZTA inherently allows applications to be accessible from anywhere in the post COVID-19 world. This remote working trend will further accelerate and, in fact, ZTA can be a huge productivity enabler in such a mode.

• New Onboarding/VPN Reduction: COVID-19 has shown that VPN based architecture is hard to scale and can cause significant cost pressures. Users, especially in branches, contact centers, etc., can be easily onboarded in a ZTA model.

• Scalable and Analytics driven: A ZTA-based cybersecurity approach has security principles embedded throughout the data flow, hence it is highly scalable and allows data-driven decision-making with its strong reliance on active monitoring.

 

Conclusion

 

Today’s landscape requires change/reliability for the future. Given the nature of cloud-based applications and adoption of SaaS solutions combined with an increased need to enable safe remote working, ZTA allows for a scalable and dynamic approach to securing resources. With “Adaptive Digital Identity” being the cornerstone of ZTA, Zero Trust goes beyond configuration of profiles and enables optimal control for a secure user experience.

 

Frank Alfieri, Principal Consultant and Vikas Sharma, Advisor at Capco
