CIO OPINION
State of network security to around 2010
The network no longer had a single , unbroken network perimeter . It had become ‘ porous ’ to support mobile and remote workers , as well as business partners and new third-party services .
‘ One and done ’ authentication of entities requesting access became inadequate for the new and more complex network security demands .
You could no longer assume that anyone on your network , including your staff , could be trusted .
A better network security architecture
The realities of 21st-century enterprise networking required a new paradigm and in 2010 , John Kindervag , an analyst at Forrester Research , wrote a paper that popularised the idea of the Zero Trust architecture . Over the next few years , as enterprise computing evolved to embrace cloud computing and the problems with perimeter security became more pressing , the concept of the Zero Trust architecture gained traction .
The fundamental concept of the Zero Trust architecture is simple : Never trust , always verify .
To reiterate , the Zero Trust security architectures are based on not trusting anyone or anything on your network . This means that network access is not granted without the network knowing exactly who you are . Moreover , every access attempt by any entity must be validated at multiple points throughout the network to make sure no unauthorised entity is moving vertically into or laterally within the network without being detected .
Making a Zero Trust network really work requires indepth traffic inspection and analytics . Central to this is the use of SSL inspection solutions that decrypt and analyse encrypted network traffic ( sometimes called ‘ break and inspect ’) to ensure policy compliance and maintain privacy standards .
By monitoring encrypted traffic to detect suspicious network communications and malware payloads as well as attempts to exfiltrate controlled data , for example , credit card and social security numbers , SSL inspection makes it possible for the Zero Trust model to comprehensively do what it ’ s supposed to do – protect networks from both internal and external threats .
The network no longer had a single , unbroken network perimeter . It had become ‘ porous ’ to support mobile and remote workers , as well as business partners and new thirdparty services .
www . intelligentcio . com INTELLIGENTCIO AFRICA 39