By the end of 2024, more than 75% of the global population will have their data covered under privacy regulations.
A recent report by Gartner, the technology research and consulting firm, reveals that Zero Trust Network Access (ZTNA) is the fastest-growing segment in network security. The zero-trust philosophy calls for an organization to reliably authenticate any person or entity asking to connect to its network systems, and only then allow them access to data. The information security and risk management study forecast that ZTNA will grow by 31% in 2023, driven by the continued increase in remote work.
Hybrid work has become a fact of life, with employers facilitating a shift that started with the COVID-19 pandemic. The hybrid model is served by ZTNA rather than by VPN services. Zero trust is also about end-to-end encryption of data because it reduces the probability of data breaches. Compliance and ZTNA are the forces driving encryption into all aspects of an organization’s network and enterprise. Both are compelling people and businesses to change how they think about protecting their environment.
ZTNA has unique advantages in that it offers greater control over access and movement as the atomized network continues to grow: better control of the applications and people popping up everywhere across the network. Zero trust calls for authentication followed by an explicit set of permissions and authorizations for each access. It replaces a single authentication that grants relatively open access to the resources and devices on a network.
On the other hand, the ZTNA practice of encrypting every connection within a network creates serious problems for other aspects of security. ZTNA encryption blinds many of the network visibility and security tools typically used for enterprise protection.
Organizations that choose the secure access service edge (SASE) platform to manage ZTNA sacrifice some degree of visibility to ensure authentication and encryption. On the SASE platform, authentication and authorization are managed when users connect to a provider’s dedicated cloud. Users get a seamless experience on these platforms, but security teams report that they lack what they need to do their jobs: they can view access logs and authentication logs but cannot see real-time traffic data from the cloud environment.
In other cases, organizations may avoid the zero-trust option because it is overkill for their environment. One alternative is implementing encryption for data privacy and security purposes. Most often, the strongest encryption is deployed for internet-facing hosts and to secure data at rest and in transit within the organization.
Encryption Adding to the Risk Profile
As encryption is increasingly deployed, organizations are adding extra layers that security teams must unravel when troubleshooting and threat hunting. The combined impact of encryption and the atomization of networks has led to the deprecation of numerous legacy tools that rely on deep packet inspection (DPI) and packet capture. Legacy tools are becoming more complex and expensive to deploy and manage.
Conventionally, security professionals have taken the approach of seeing everything in order to detect and respond to incidents. The implication is that everything has to be decrypted. Decryption remains a viable option, but it no longer scales. In dispersed and ephemeral environments where perimeters aren’t defined, placing an appliance in the middle to carry out decryption is becoming more difficult.
In current environments, there is more traffic to decrypt and a larger number of certificates to manage. It also means that any point where encryption is broken for detection and response is another point where sensitive data is exposed. The paradox is that some efforts to keep networks secure end up increasing an organization’s risk profile.
Complete Network Security
Organizations must reimagine their approach to network security. Different business areas within an organization have their own security challenges. Adapting the zero-trust architecture lets an organization meet its specific requirements, which can be complex in hybrid environments. The new approach calls for visibility into what is going on, so that threats can be detected and responded to without introducing additional risk.
More machines on networks now run endpoint detection and response (EDR) agents, which offer visibility into local processes and hosts on the network. However, not all networked devices in an environment can support an EDR agent. Keep in mind, too, that an EDR agent does not provide real-time visibility into network traffic.
Metadata in the form of flow data is one solution to achieving network security. It removes the need to capture and inspect every packet in order to view and monitor network traffic for detection and response. Metadata is readily available across multi-cloud, on-premises, and hybrid environments, and enriching it with context offers high-level, real-time visibility of traffic across the atomized network.
In combination, EDR and metadata give the best picture of what is on a network, what the network is doing, and anything else happening, allowing attacks to be detected without breaking encryption. If strange behavior calls for a deeper dive, security teams can narrow the scope of what is examined and therefore the data that must be decrypted. Essentially, an organization can significantly reduce its risk profile by changing its procedures to decrypt only when necessary. Other advantages include reduced cost and complexity.
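The triage step described above, as an added example that is not part of the original article: a small Python script that reads constructed NetFlow/IPFIX-style flow records (5-tuple plus byte counters, no payload) and flags two behaviours visible in metadata alone, a host making evenly spaced connections to one external address (beaconing) and a host sending an unusually large volume outbound. The findings are then reduced to the handful of (source, destination) pairs that would justify targeted packet capture or decryption, instead of decrypting all traffic. The internal address ranges, thresholds and sample addresses (RFC 5737 documentation ranges) are assumptions for the example.

```python
"""Flow-metadata triage: flag suspicious encrypted traffic without looking at payloads.

Added example; the flow records, thresholds and address ranges below are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed organization-owned ranges; real deployments would load these from an asset inventory.
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"), ip_network("192.168.0.0/16")]

# Constructed sample flows: (timestamp_s, src, dst, dport, proto, bytes_out, bytes_in).
# Timestamps are seconds since an arbitrary epoch; external addresses are documentation ranges.
SAMPLE_FLOWS = [
    (0,    "10.0.0.5", "203.0.113.10", 443, "tcp", 1200,       52000),  # ordinary browsing
    (60,   "10.0.0.5", "203.0.113.10", 443, "tcp", 900,        41000),
    (0,    "10.0.0.7", "198.51.100.9", 443, "tcp", 600,        800),    # evenly spaced beacon
    (300,  "10.0.0.7", "198.51.100.9", 443, "tcp", 610,        790),
    (600,  "10.0.0.7", "198.51.100.9", 443, "tcp", 605,        810),
    (900,  "10.0.0.7", "198.51.100.9", 443, "tcp", 598,        805),
    (1200, "10.0.0.7", "198.51.100.9", 443, "tcp", 602,        800),
    (100,  "10.0.0.9", "192.0.2.77",   443, "tcp", 80_000_000, 4000),   # bulk outbound transfer
    (50,   "10.0.0.9", "10.0.0.20",    445, "tcp", 5000,       3000),   # internal SMB, out of scope
]


@dataclass(frozen=True)
class Finding:
    src: str
    dst: str
    dport: int
    reason: str


def is_internal(addr: str) -> bool:
    """True if the address falls inside one of the assumed organization-owned ranges."""
    ip = ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def group_by_tuple(flows):
    """Bucket flow records by (src, dst, dport, proto); each bucket keeps (ts, bytes_out, bytes_in)."""
    groups = defaultdict(list)
    for ts, src, dst, dport, proto, bytes_out, bytes_in in flows:
        groups[(src, dst, dport, proto)].append((ts, bytes_out, bytes_in))
    return groups


def beacon_score(timestamps, min_flows=4):
    """Return (mean_interval, coefficient_of_variation) for the gaps between connections.

    A low coefficient of variation means the connections are evenly spaced, which is
    characteristic of automated check-ins. Returns None when there are too few flows.
    """
    if len(timestamps) < min_flows:
        return None
    ts = sorted(timestamps)
    intervals = [b - a for a, b in zip(ts, ts[1:])]
    mean = sum(intervals) / len(intervals)
    if mean <= 0:
        return None
    variance = sum((i - mean) ** 2 for i in intervals) / len(intervals)
    return mean, variance ** 0.5 / mean


def triage(flows, beacon_cv_max=0.1, exfil_bytes=50_000_000):
    """Apply the two metadata-only rules to every external flow group and return findings."""
    findings = []
    for (src, dst, dport, proto), recs in group_by_tuple(flows).items():
        if is_internal(dst):
            continue  # internal traffic is handled by other rules; keep the example focused
        score = beacon_score([ts for ts, _, _ in recs])
        if score is not None and score[1] <= beacon_cv_max:
            mean, cv = score
            findings.append(Finding(src, dst, dport, f"periodic connections every ~{mean:.0f}s (cv={cv:.2f})"))
        total_out = sum(bytes_out for _, bytes_out, _ in recs)
        if total_out >= exfil_bytes:
            findings.append(Finding(src, dst, dport, f"{total_out} bytes outbound"))
    return findings


def decryption_scope(findings):
    """Reduce findings to the (src, dst) pairs that justify targeted capture or decryption."""
    return sorted({(f.src, f.dst) for f in findings})


if __name__ == "__main__":
    results = triage(SAMPLE_FLOWS)
    for f in results:
        print(f"{f.src} -> {f.dst}:{f.dport}  {f.reason}")
    print("narrowed decryption scope:", decryption_scope(results))
```

The ordinary browsing host is never flagged, so none of its traffic needs to be decrypted; only the two flagged pairs are candidates for a deeper look. Thresholds such as the coefficient of variation and the byte limit would be tuned per environment and, in practice, the flow records would be enriched with asset and user context before the rules run.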
In conclusion, encryption and zero trust do not break the key protections on a network. Cybersecurity experts agree that ZTNA and encryption are driving an inevitable change for the better. By adopting ZTNA and encryption, organizations can stop the 100% decryption that doesn’t scale and introduces additional risk. Both encryption and ZTNA provide the comprehensive visibility and coverage needed to protect atomized networks.
Author: Alessandro Civati
Blockchain ID: https://lrx.is/XciHB8b5Of