Zero Trust Secure Access in 2019
Today's enterprises are increasingly under attack by threat actors bent on breaching network perimeters. Notable breaches are now almost a weekly occurrence, with Marriott's 500M records being just the largest and latest. Estimates suggest that over 5 billion records were collectively stolen in data breaches in the first half of 2018 alone.
In the Marriott case, an unauthorized user gained access to Starwood Resort's database in 2014, but it was only uncovered four years later. (Starwood, in fact, had their cash register systems penetrated in a separate incident in 2015.) According to the NY Times, the stolen records have not yet shown up for sale on the "dark web" which suggests that this breach is a China government-sanctioned attack.
So, administrators are understandably worried about sensitive corporate data, like customer contact information or financial data, and how best to ensure they're not the next victims. But, it's also part and parcel of businesses to enable connectivity and encourage productivity for their mobile workforces. Because of these two forces, there has been increasing interest in Zero Trust secure access due to the proliferation of users, the number of devices, and the applications being accessed.
Zero Trust requires users and their devices to go through an authentication and authorization process prior to (and during) a connection to an application. While usernames and passwords alone were sufficient a few years ago, given the risks associated with breaches it is good security hygiene to:
* Authenticate and authorize every user by requiring single sign-on and multi-factor authentication
* Verify and validate every device that connects by checking it for the presence of malware and anti-virus software, OS version, and other metrics
* Deploy policies centrally to enable local and mobile workforce access to appropriate resources only
* Protect data transactions through always-on, on-demand, and per-app VPN, reducing data loss and leakage
When verifying users and devices, enforcing multi-factor authentication and single sign-on ensures that users are vetted while streamlining the login experience. Assessing the device before and during the connection prevents rooted or jailbroken devices from connecting, reducing the chance that malware can infect your network.
Pulse Secure's natural-language and context-based policy definitions can also quarantine, grant, or deny access to devices that may not be in an ideal state. Those same policies can be distributed centrally from Pulse One, our comprehensive management application.
And, if you're using Pulse Secure's Workspace feature, it's possible to provision, configure, and wipe corporate data from mobile devices if needed. Indeed, ESG estimates that 56% of organizations have adopted a digital workspace strategy, or plan to do so in the next six months.
Pulse Secure's advanced VPN features offer further ways to secure transactions through always-on and on-demand connections. Always-on requires the use of secured sessions when accessing any application. On-demand, however, only leverages a secure tunnel if the application itself requires it.
Zero Trust allows you to:
* Mitigate endpoint exposures and ransomware risks with "comply-to-connect" and always-on VPN
* Enforce NAC-based micro-segmentation for different groups of users
* Provide visibility and control with network profiling, RADIUS, and network access control
* Switch VPN access and policies across hybrid IT environments for flexible, elastic productivity
Pulse Secure has been providing Zero Trust solutions since our inception. We are the leading Secure Access vendor offering a unified client across operating systems for streamlined, consistent user access, extensive authentication and device compliance, and centralized, unified policy enforcement and management. All of it built for hybrid IT: mobile, data center, and cloud.
- Marriott data breach