SCC and Fortinet: Responding to new threats with Zero-Trust Network Access – Blog
To accelerate business and remain competitive, organisations are rapidly adopting digital innovation (DI) initiatives. This means business applications and data are now dispersed far and wide, away from the corporate premises, giving workers access to more corporate assets from many locations. For this reason, the traditional perimeter is dissolving, which opens the internal network to a growing attack surface – a top concern for CISOs.
In response to these threats, organisations need to take a “trust no one, trust nothing” approach to security. Specifically, CISOs need to protect the network with a Zero-Trust Network Access policy, making sure all users, all devices, and all web applications from the cloud are trusted, authenticated, and have the right amount of access. Zero-Trust is critical to securing digital innovation, no matter what the nature of the individual project.
According to Fortinet Field CISO Peter Newton:
“There is a major emphasis on the concept of Zero-Trust Network Access because companies are recognising that, number one, they have all these VPN Tunnels that need to understand and confirm who the users are and two, they have users on all different types of devices that now have access to the corporate network. This is where the ability to understand and see everything on that network has become key and that is why our Teleworker Solutions has gotten a lot of attention and activity in the months since COVID-19 first hit. Now customers are finally able to take a step back now and evaluate whether they put every security measure in place that they needed to so that their teleworker solutions are effective long-term. As a result, many of them are shoring up their Zero-Trust capabilities so they know exactly who and what is on their network well into the future as employees continue to work remotely.”
For security leaders, it is impossible to keep up with the growing number of attacks using a traditional approach to network access. That is why there is a shift happening, from trusting everything on the network to not trusting things. With a well-functioning zero-trust access model, CISOs organize their approach using specific vulnerable areas of the network edge that can be considered untrustworthy: users, devices, and assets both on and off the network.
Fortinet Field CISO Alain Sanchez adds:
“Zero-Trust Network Access is a very strong concept, and a necessary approach as more and more business-critical and life-critical processes are becoming fully digital. However, for people not versed in cybersecurity, the word might carry negative connotations. Wrongly interpreted, it might resonate as if the network, the PC, the applications, or in fact the entire digital ecosystem will stop recognizing its users. It can be seen as a barrier to productivity.
“Zero-Trust Network Access is a foundational pillar of any effective security strategy. It actually enables the right person to have immediate access to the resources they need to do their job, while also eliminating the risks and downtime that can result from unauthorized access. However, to advocate for the adoption of necessary security solutions such as this, especially as the cyber threat landscape continues to evolve, CISOs need to do more and more communication and education. They will find themselves not only needing to explain what needs to change and why, but more importantly, how these changes will benefit the organisation. This is particularly important to those teams that have, until now, been managing user network access based on a legacy notion of implicit trust.”
How does Zero-Trust Network Access work?
A Zero-Trust Network Access strategy focuses on network connectivity and has three essential functions.
The ‘what’: Know every device that’s on the network
The ‘who’: Know every user that accesses your network
The ‘how’: Know how to protect assets on and off the network
No longer optional
One of the main reasons for the growing attack surface is due to the proliferation of IoT and smart devices that are coming onto the network. Security leaders often lack full visibility into the flood of devices accessing the network—and CISOs have learned hard lessons regarding what they can’t see that will hurt them. To fully secure all of these endpoint devices, enterprises need a zero-trust access policy across the entire network that provides visibility into where each device is, what it does, and how it connects to other devices across the network, as well as continuous monitoring to detect any behavioural anomalies that could indicate a threat. As security leaders navigate a workforce that is working from a variety of locations and using both personal and business devices to access the network, they need a way to protect all endpoints at the network edge. With a zero-trust access approach, organisations can improve visibility of all devices on and off the network, enable advanced protection, and implement dynamic access control, all while reducing the attack surface.
Integrated security from SCC
COVID-19 is changing the technology culture and infrastructure of every medium-sized and large organisation faster than any known event or phenomenon. This means changes will continue coming – and hackers will continue to target our growing dependence on digital tools. Businesses that focus on a return to “near-normal” will be investing time, effort and money in a battle long lost. SCC’s security solutions provide an integrated security suite that delivers the right technologies to enhance existing practices. We deploy solutions to help customers secure cloud, data, networks and systems to mitigate risks that may stem from insider and external attacks. We build solutions that can help you to control, govern and manage user identities and access to services and data across your infrastructure. SCC is a Fortinet Expert Integrator partner, which is the highest level achievable. We have many years of experience securing customer networks, as demonstrated by our Fortinet Platinum Partner of the Year award in 2018 for our expertise in designing and delivering the Fortinet security fabric. Our depth of capabilities for the solutions we provide assures customers that we can execute with greater agility. We have extensive experience, qualifications and certifications in a wide range of partner technologies that underpin our solutions. You benefit from thought leadership, key knowledge and vital experience, shared across our global partner network.