Updated July 21, 2022. Originally published June 16, 2021.
Perimeter security is the traditional model for preventing external attackers from accessing the corporate network. Security measures like firewalls and intrusion detection and prevention systems would act like security checkpoints, similar to physical perimeters like walls and doors. This solution was a good fit for legacy architecture and traditional networks. But nowadays, with the evolution of cloud computing, networks and IT environments, this model is no longer sufficient. Let’s see why, and how the zero trust security framework can help.
For years, organizational cybersecurity was focused on securing internal data and systems from external attackers. Businesses established data centers with in-house IT infrastructure that included servers, client devices, internal networks, internet gateways and applications. This infrastructure held almost all the organizational business information required for business continuity. Firewalls, demilitarized zones, antivirus programs and intrusion systems protected these assets, creating a clear border between those who were allowed access and those who weren’t.
Any user who had access to the network could access large parts of it, regardless of their job title or actual needs. This design was due not only to the network structure but to the workforce structure as well. Most if not all employees worked on-premises, and organizations scarcely ever supported remote work plans. Trying to access network assets remotely was a difficult process, with the perimeter security model treating remote workers as though they were intruders trying to access the crown jewels.
Perimeter-based security solutions were sufficient for their time, when businesses mostly required local network operations and employee connectivity to networks took place exclusively in the office. However, digital transformation and societal changes revolutionized network architecture and dissolved the perimeter. These changes include:
Modern enterprises prioritize digital transformation that is based on cloud infrastructure and services. Information, data and systems are no longer stored on-premises, but rather in external cloud data centers, which sometimes reside in a completely different country, or through a hybrid cloud.
As a result, employees can access the organizational information and apps they need from any location or device, businesses can easily scale and information is shared more easily. However, this also means that the perimeter is completely dissolved, as the businesses have no control over the cloud.
COVID-19 rapidly accelerated the adoption of remote work, making it difficult for organizations to define and secure IT environments using perimeter security models. With a recent Gartner study revealing that 74 percent of organizations intend to shift some employees to remote work permanently, it is apparent that a perimeterized workforce will become obsolete.
However, even before COVID the workforce had shifted. People were already working from home, or perhaps more accurately, also working from home or elsewhere outside the office. They were connecting from various mobile devices, home offices, airports, restaurants, and additional edges. They were speaking with users around the globe. And they needed access to organizational networks at all times of day and night. As a result, security solutions needed to evolve as well to account for this agile and ‘always on’ workforce.
As remote work and cross-branch connectivity requirements grew, enterprises initially relied on VPNs to provide remote workers with the ability to perform tasks securely while away from the office. Today, many businesses still resort to VPNs to enable secure remote connections. However, in light of a number of high-profile VPN breaches, the realization that VPNs still operate according to the perimeter-based security model by tunneling in remote users, and a demand for high performance and low latency, enterprises are looking elsewhere for a more secure and easy to use security solution.
As we’ve just described, today’s network perimeter is full of holes and access points are vulnerable. Migrating to a more modern zero-trust model can help organizations improve their security posture. In this model, the basic assumption of trust is replaced with the “never trust, always verify” principle. With no more inherent trust, users and devices are continuously authenticated every time they request to access an app or asset. Instead of immediately providing access to each identity, solutions like MFA and SSO will ensure that only users who require access to a certain resource will gain it.
Zero trust architecture enhances security because it protects the network from external attackers. At the same time, the model also assumes there are already attackers inside, and it protects against these as well. As a result, zero trust provides workers with more flexibility regarding when, how, and where they access organizational systems.
In a rapidly growing market of zero trust network access (ZTNA) providers, it’s essential to select the right one to support you throughout your entire zero trust journey. Here are 7 key questions to ask your provider:
Is users’ data exposed?
Who has control of the access rules?
Where are our secrets (passwords, tokens, private keys) kept?
How is the risk of internal threats mitigated?
What is the scope of secure access? Does it include users, networks, apps, etc.?
What is the ZTNA provider’s infrastructure? Are the servers located in the cloud or in a data center? Who can access it?
The last but very important question – What happens if the ZTNA provider is compromised? Will my organization and our data be at risk?
Cyolo is the leading zero trust access provider for modern networks and the first ZTNA 2.0 provider for organizations that want to protect their intellectual property. By securely connecting all users from anywhere without requiring a VPN, Cyolo enables employees to focus on their work and empowers your business to grow. Cyolo provides advanced user management features, real-time recording abilities, personal password vaults and an easy to use UI. Cyolo can also integrate with your VPNs, if needed.
Cyolo is an agentless first solution that takes minutes to implement and is compatible with any network topology and identity infrastructure. In addition, Cyolo does not have access to any organizational data, making it a true zero trust access solution. Not only does this ensure true privacy and security, it also improves performance and offers a better user experience. Schedule a demo to see it all for yourself.
Jennifer Tullman-Botzer is a cybersecurity nerd by day and a history nerd by night. She has over a decade of experience in cybersecurity marketing and is as tired as you are of hackers-in-hoodies stock images. Jennifer joined Cyolo in 2021 and currently serves as Head of Content. Prior to Cyolo, she worked in a variety of marketing roles at IBM Security. She lives in Tel Aviv, Israel.