{"id":22718,"date":"2021-10-19T15:28:18","date_gmt":"2021-10-19T15:28:18","guid":{"rendered":"https:\/\/zpesystems.com\/?p=22718"},"modified":"2021-10-19T16:24:31","modified_gmt":"2021-10-19T16:24:31","slug":"how-to-implement-zero-trust-technologies","status":"publish","type":"post","link":"https:\/\/zpesystems.com\/how-to-implement-zero-trust-technologies\/","title":{"rendered":"How to Implement Zero Trust: Technologies to Shield You From Million-Dollar Losses"},"content":{"rendered":"<p>[et_pb_section fb_built=&#8221;1&#8243; _builder_version=&#8221;3.22&#8243; da_disable_devices=&#8221;off|off|off&#8221; global_colors_info=&#8221;{}&#8221; da_is_popup=&#8221;off&#8221; da_exit_intent=&#8221;off&#8221; da_has_close=&#8221;on&#8221; da_alt_close=&#8221;off&#8221; da_dark_close=&#8221;off&#8221; da_not_modal=&#8221;on&#8221; da_is_singular=&#8221;off&#8221; da_with_loader=&#8221;off&#8221; da_has_shadow=&#8221;on&#8221;][et_pb_row _builder_version=&#8221;3.25&#8243; background_size=&#8221;initial&#8221; background_position=&#8221;top_left&#8221; background_repeat=&#8221;repeat&#8221; global_colors_info=&#8221;{}&#8221;][et_pb_column type=&#8221;4_4&#8243; _builder_version=&#8221;3.25&#8243; custom_padding=&#8221;|||&#8221; global_colors_info=&#8221;{}&#8221; custom_padding__hover=&#8221;|||&#8221;][et_pb_text _builder_version=&#8221;4.10.8&#8243; background_size=&#8221;initial&#8221; background_position=&#8221;top_left&#8221; background_repeat=&#8221;repeat&#8221; global_colors_info=&#8221;{}&#8221;]<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/zpesystems.com\/wp-content\/uploads\/2021\/10\/Network-Security-1024x683.jpg\" width=\"693\" height=\"462\" alt=\"Staff on laptop with zero trust security in place.\" class=\"wp-image-22730 size-large\" \/><\/p>\n<p>How to implement zero trust security is a growing focus of organizations across the globe. 
With cyber attacks frequently hitting some of the largest companies and threatening <a href=\"https:\/\/www.bloomberg.com\/news\/articles\/2021-06-04\/hackers-breached-colonial-pipeline-using-compromised-password\" target=\"_blank\" rel=\"noopener\">entire economies<\/a>, it\u2019s no wonder why comprehensive network security is a top priority among public- and private-sector entities.<\/p>\n<p>In this post, we\u2019ll show you what you need to implement zero trust security, from big-picture items to individual technologies.<\/p>\n<p>But first, here\u2019s a recap of zero trust security and why your business won\u2019t be safe without it.<\/p>\n<p>[\/et_pb_text][et_pb_text _builder_version=&#8221;4.10.8&#8243; background_size=&#8221;initial&#8221; background_position=&#8221;top_left&#8221; background_repeat=&#8221;repeat&#8221; global_colors_info=&#8221;{}&#8221;]<\/p>\n<h1>Why you need Zero Trust Security<\/h1>\n<p>Imagine bringing in a new hire to your department. Soon after, you notice suspicious computer slowdowns and applications that don\u2019t respond as usual. You dive into your program files and discover an unknown .exe file, and you dive deeper to discover attackers actively exploiting your resources. You quickly pull your team together to lock down your network, sanitize every computer and connection, and send out a company-wide instruction to have every employee reset their password.<\/p>\n<p>It turns out, your newest employee unknowingly clicked a bad link and opened the door for a trojan horse attack. But because of your quick response, no significant damage was done and you can rest easy again.<\/p>\n<p>Months later, you come in for your normal workday only to find all your systems locked and unresponsive. Dave, a senior engineer, retired on the day of the attack and never reset his password. The hackers stole his credentials and have gone unnoticed for months. 
Now your company and its customers are compromised, and the consumer markets you serve are in a frenzy due to a shortage of goods. You can\u2019t help but feel somewhat responsible for the entire ordeal.<\/p>\n<p>This example mimics recent real-world cyberattacks and highlights the importance of moving away from traditional security approaches.<\/p>\n<p>Traditional architecture uses the castle-and-moat security approach. Once a user gains access (crosses the moat), they become trusted to use your organization\u2019s resources (the castle). Aside from the occasional password reset or other authentication protocol, this approach leaves plenty of opportunities for outsider and insider attacks. Zero trust security, however, places a moat around every node and user. This means that no matter how often a system or user needs to access a resource, they always have to verify their identity and intent.<\/p>\n<p>In other words: never trust, always verify. In our example above, implementing simple two-factor authentication could have alerted Dave to his stolen credentials, which would have prevented the attack.<\/p>\n<p>The need for zero trust is due to the explosion of distributed networking. Communications used to be straightforward and centralized: a trusted user using a trusted device would connect from a trusted office location to the data center. Apps and data were securely transmitted between parties, and sealing out attackers could be as simple as deploying a new point solution or product. But user expectations changed all this; now, they need to connect from anywhere using a variety of devices, which means the modern network includes SaaS, cloud, and third-party platforms. 
This hybrid infrastructure means there are now more nodes and lines of communication than ever \u2014 and each is vulnerable to attack.<\/p>\n<p>If the recent attacks on SolarWinds, Microsoft Exchange, and Colonial Pipeline aren\u2019t convincing enough, consider the latest <a href=\"https:\/\/www.nbcnews.com\/tech\/security\/ransomware-attack-software-manager-hits-200-companies-rcna1338\" target=\"_blank\" rel=\"noopener\">hack involving Kaseya<\/a>, an American company that specializes in IT and network management software. By exploiting the virtual systems\/server administrator (VSA), attackers were able to compromise up to 1,500 of Kaseya\u2019s customers, shutting down educational services, law firms, and an outpatient surgical center in South Carolina.<\/p>\n<p>Pervasive attacks like these have prompted political action, with the President signing a cybersecurity executive order this past May. <a href=\"https:\/\/zpesystems.com\/zero-trust-architecture\/\" target=\"_blank\" rel=\"noopener\">Read our breakdown of the legislation<\/a> and how it aims to improve cybersecurity across public and private sectors.<\/p>\n<p>Now that you know why you need better security, how do you implement zero trust?<\/p>\n<p>[\/et_pb_text][et_pb_text _builder_version=&#8221;4.10.8&#8243; background_size=&#8221;initial&#8221; background_position=&#8221;top_left&#8221; background_repeat=&#8221;repeat&#8221; global_colors_info=&#8221;{}&#8221;]<\/p>\n<h1>How to implement Zero Trust: The big picture<\/h1>\n<p>Zero trust is merely a concept; however, implementing Zero Trust Network Access (ZTNA) means putting this concept to work. 
Implementing ZTNA involves two parts:<\/p>\n<ul>\n<li>The processes, which we covered in a <a href=\"https:\/\/zpesystems.com\/how-to-overcome-5-challenges-of-zero-trust-security\/\" target=\"_blank\" rel=\"noopener\">previous post<\/a>, and<\/li>\n<li>The technologies, which we\u2019ll talk about in this post<\/li>\n<\/ul>\n<p>At a high level, this diagram shows the components you need when considering how to implement zero trust.<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/zpesystems.com\/wp-content\/uploads\/2021\/10\/Three-Main-Components-of-Zero-Trust-1024x587.jpg\" width=\"1024\" height=\"587\" alt=\"A high level diagram of the three main components of zero trust security, including the enterprise resource, policy enforcement point, and policy decision point.\" class=\"wp-image-22722 alignnone size-large\" srcset=\"https:\/\/zpesystems.com\/wp-content\/uploads\/2021\/10\/Three-Main-Components-of-Zero-Trust-980x561.jpg 980w, https:\/\/zpesystems.com\/wp-content\/uploads\/2021\/10\/Three-Main-Components-of-Zero-Trust-480x275.jpg 480w\" sizes=\"(min-width: 0px) and (max-width: 480px) 480px, (min-width: 481px) and (max-width: 980px) 980px, (min-width: 981px) 1024px, 100vw\" \/><\/p>\n<p>There are three major components to look at in the big picture of zero trust security:<\/p>\n<ol>\n<li>Enterprise resource \u2014 This includes all the IT stuff you need to protect and that your business relies on, like hardware, software, and network equipment. In simple terms, this is like the gold that you keep carefully guarded in the center of your castle.<\/li>\n<li>Policy enforcement point \u2014 This is the datapath element that enables, monitors, and terminates connections between users \/ devices \/ applications and enterprise resources. Simply put, this is like the guard that accompanies those wishing to access your gold.<\/li>\n<li>Policy decision point \u2014\u00a0This is the layer that decides who \/ what is safe and grants \/ revokes access accordingly. 
In other words, this is the gatekeeper who determines who is allowed into your castle.<\/li>\n<\/ol>\n<p>To better understand these, here\u2019s a closer look at each:<\/p>\n<p>[\/et_pb_text][et_pb_text _builder_version=&#8221;4.10.8&#8243; background_size=&#8221;initial&#8221; background_position=&#8221;top_left&#8221; background_repeat=&#8221;repeat&#8221; global_colors_info=&#8221;{}&#8221;]<\/p>\n<h3>Enterprise resource<\/h3>\n<p>This component is pretty straightforward and consists of elements you need to operate and manage IT environments. These elements can include hardware like computers and data storage devices; software such as web servers, content management systems, and operating systems; and network equipment like servers, routers, firewalls, and out-of-band devices.<\/p>\n<p>&nbsp;<\/p>\n<h3>Policy enforcement point<\/h3>\n<p>This component consists of the datapath elements that enable, monitor, and terminate connections between subjects (users \/ devices \/ applications) and your enterprise resources. Though this is represented as one component, it is made up of two parts that are both typically used in deployments. These parts are:<\/p>\n<ul>\n<li>A client-side agent, usually deployed on a laptop or server.<\/li>\n<li>A resource-side gateway, which controls access in cases where a client-side agent is not used. Examples where gateways are used include regulated healthcare equipment, ATMs, and operational technology equipment.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h3>Policy decision point<\/h3>\n<p>This component is the management and orchestration layer. This layer essentially checks identities to verify who is safe, and assigns policies to determine who gets access and to what. This is also represented as one component but is made up of two parts:<\/p>\n<ul>\n<li>Policy engine \u2014 This is the engine that decides whether a machine or web traffic is safe. 
To accomplish this, the engine uses a variety of data sources when making its determination, such as PKIs and identity management providers, CDM systems, and activity logs.<\/li>\n<li>Policy administrator \u2014 This administrator uses the policy engine\u2019s determination to grant or revoke access to a machine or web traffic.<\/li>\n<\/ul>\n<p>There are many tools available to help you monitor and visualize traffic, so you can create policies and configure your policy decision point to meet your zero trust outcomes.<\/p>\n<p>In order to create your zero trust configuration, you need to deploy several essential technologies.<\/p>\n<p>[\/et_pb_text][et_pb_text _builder_version=&#8221;4.10.8&#8243; background_size=&#8221;initial&#8221; background_position=&#8221;top_left&#8221; background_repeat=&#8221;repeat&#8221; global_colors_info=&#8221;{}&#8221;]<\/p>\n<h1>How to implement Zero Trust: Essential technologies<\/h1>\n<p>Zero trust is a complete re-imagining of network security, and implementing it can be a daunting task. But when you add its fundamental technologies to your toolkit, you can effectively build the three components described above and achieve Zero Trust Network Access (ZTNA). Here are the essential technologies you need to accomplish this.<\/p>\n<p>&nbsp;<\/p>\n<h3>Identity and access management<\/h3>\n<p>A big part of zero trust security relies on verifying that a device or user really is who they say they are. For this, you need an identity management solution from a trusted provider and public key infrastructure (PKI). This allows you to essentially create and issue a digital fingerprint for every user, which includes information such as their username, role, and other unique data. 
Multi-factor authentication, which requires users to present two or more pieces of identification\/verification before access is granted, is a critical component of identity verification.<\/p>\n<p>Additionally, access management is an important piece that determines a user\u2019s authorization level, or in other words, which resources they can access. Identity and access management both feed information into your zero trust model\u2019s policy engine.<\/p>\n<p>&nbsp;<\/p>\n<h3>Policy management<\/h3>\n<p>Another essential technology to have is a policy management solution. This is integrated into your security stack and serves as a single policy creation point. This allows you to define access and authentication policies for your entire organization.<\/p>\n<p>You can specify data access rules for users, devices, and roles, which is vital to achieving micro-segmentation, limiting lateral movement, and enforcing least-privilege access. All of these feed into your policy engine and are used by your policy enforcement point to validate whether a session is allowed to continue.<\/p>\n<p>&nbsp;<\/p>\n<h3>Zero trust equipment and applications<\/h3>\n<p>Tying everything together requires equipment and applications that are able to enforce your policies. These are physical or virtual solutions that sit in front of servers and serve as your enforcement points. 
For example, this could be your next-gen firewall (NGFW) that initiates the multi-factor authentication protocol, verifies a user\u2019s identity, and uses your defined policies to restrict the user\u2019s access to a specific segment of your network.<\/p>\n<p>[\/et_pb_text][et_pb_text _builder_version=&#8221;4.10.8&#8243; background_size=&#8221;initial&#8221; background_position=&#8221;top_left&#8221; background_repeat=&#8221;repeat&#8221; global_colors_info=&#8221;{}&#8221;]<\/p>\n<h1>Where can you get these essential Zero Trust technologies?<\/h1>\n<p>When considering how to implement zero trust, keep in mind that there are many vendors who can provide you with the essential technologies.<\/p>\n<ul>\n<li>Obtaining an identity and access management solution is the easiest task when implementing zero trust. Many organizations offer an identity store, such as Azure Active Directory or Google Cloud Identity. You can also use companies dedicated to identity management, such as Duo, Okta, or Ping Identity. Keep in mind that if you need to control third-party access, such as for customers or equipment management contractors, you\u2019ll need a solution that can access multiple identity stores simultaneously.<\/li>\n<li>Obtaining a policy management solution requires careful consideration and should be part of your overall security stack. Look for a solution that allows you to create policies and set up datapath enforcement points. An adequate framework enables you to create authentication and post-authentication access rules, with an enforcement point that segments your network and continuously authenticates sessions. 
This security stack can be an on-prem NGFW, or delivered via the cloud using a Secure Access Service Edge (SASE) model, both of which are available from trusted providers like Palo Alto Networks.<\/li>\n<li>Regardless of whether you use an on-prem or SASE model, you need an edge infrastructure platform to sit in front of servers and host the enforcement point. For on-prem, this platform must be able to host an NGFW to secure network segments and VLANs. For SASE, this platform must be able to create VPN tunnels to your SASE platform, which can be used for inline inspection and policy enforcement. Either approach requires powerful computing capabilities and a flexible operating system to accommodate workloads for detecting, analyzing, and automatically responding to threats, which few vendors offer.<\/li>\n<\/ul>\n<p>Here are examples of what proper zero trust implementations look like, with ZPE Systems\u2019 Nodegrid as the edge infrastructure platform:<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/zpesystems.com\/wp-content\/uploads\/2021\/10\/ZTNA-at-the-data-center-1024x587.jpg\" width=\"1024\" height=\"587\" alt=\"Implementation diagram showing how to implement ZTNA at the data center using Nodegrid.\" class=\"wp-image-22724 alignnone size-large\" srcset=\"https:\/\/zpesystems.com\/wp-content\/uploads\/2021\/10\/ZTNA-at-the-data-center-980x561.jpg 980w, https:\/\/zpesystems.com\/wp-content\/uploads\/2021\/10\/ZTNA-at-the-data-center-480x275.jpg 480w\" sizes=\"(min-width: 0px) and (max-width: 480px) 480px, (min-width: 481px) and (max-width: 980px) 980px, (min-width: 981px) 1024px, 100vw\" \/><\/p>\n<p>In this diagram, you can see where ZTNA and Nodegrid fit into the scheme at the data center. The user connects via Internet, and the Nodegrid SR device serves as the Policy Enforcement Point hosting a VM. 
This VM communicates with the Policy Engine to authenticate the user, and then grants access to the data center application.<\/p>\n<p>[\/et_pb_text][et_pb_text _builder_version=&#8221;4.10.8&#8243; background_size=&#8221;initial&#8221; background_position=&#8221;top_left&#8221; background_repeat=&#8221;repeat&#8221; global_colors_info=&#8221;{}&#8221;]<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/zpesystems.com\/wp-content\/uploads\/2021\/10\/Zero-trust-with-SASE-1024x587.jpg\" width=\"1024\" height=\"587\" alt=\"Implementation diagram showing how to implement ZTNA at a branch, edge, or other distributed location.\" class=\"wp-image-22725 alignnone size-large\" srcset=\"https:\/\/zpesystems.com\/wp-content\/uploads\/2021\/10\/Zero-trust-with-SASE-980x561.jpg 980w, https:\/\/zpesystems.com\/wp-content\/uploads\/2021\/10\/Zero-trust-with-SASE-480x275.jpg 480w\" sizes=\"(min-width: 0px) and (max-width: 480px) 480px, (min-width: 481px) and (max-width: 980px) 980px, (min-width: 981px) 1024px, 100vw\" \/><\/p>\n<p>In this diagram, the user tries to connect to an application at a branch, edge, or other distributed location. The user connects via Internet, where SASE and ZTNA provide secure connectivity. The Nodegrid SR device connects via VPN to the Policy Engine for authentication, and then grants access to the branch application.<\/p>\n<p>[\/et_pb_text][et_pb_text _builder_version=&#8221;4.10.8&#8243; background_size=&#8221;initial&#8221; background_position=&#8221;top_left&#8221; background_repeat=&#8221;repeat&#8221; global_colors_info=&#8221;{}&#8221;]<\/p>\n<h1>How to implement Zero Trust: A recap<\/h1>\n<p>To protect your organization, implementing zero trust requires you to build out the main components. With the policy decision point and policy enforcement point in place, you can secure your enterprise resources from outsider and insider attacks. 
Ensuring these components work like a well-oiled machine means you need the proper identity and access management tools, a complete policy management solution built into your security stack, and equipment and applications that can enforce your zero trust security policies.<\/p>\n<p>Because user expectations have caused infrastructure to become incredibly distributed and complex, the attack surface has increased dramatically. The traditional castle-and-moat approach to security is no longer adequate, and recent newsworthy cyberattacks showcase the network vulnerabilities that even the largest companies still struggle to address. The President\u2019s latest cybersecurity executive order is a step in the right direction to bolster infrastructure protection for public and private sector entities, and you can use this blog as a starting point to begin your zero trust journey.<\/p>\n<p>[\/et_pb_text][et_pb_text _builder_version=&#8221;4.10.8&#8243; background_size=&#8221;initial&#8221; background_position=&#8221;top_left&#8221; background_repeat=&#8221;repeat&#8221; global_colors_info=&#8221;{}&#8221;]<\/p>\n<h1>Don&#8217;t get caught without these 5 security must-haves<\/h1>\n<p>Watch our webinar, Cyberattacks: 5 Security Must-Haves for Hybrid Infrastructure Gateways, and learn how to lay a solid foundation that makes implementing zero trust easier. 
Our experts will talk you through how to:<\/p>\n<ul>\n<li>Keep edge networks and users fully protected<\/li>\n<li>Make smart buying decisions<\/li>\n<li>Get complete security and control for years of serviceability<\/li>\n<\/ul>\n<p><a href=\"https:\/\/www.brighttalk.com\/webcast\/18901\/495460?utm_source=ZPESystems&amp;utm_medium=brighttalk&amp;utm_campaign=495460\" target=\"_blank\" rel=\"noopener\">Watch now<\/a> to protect your business from growing cybercrime.<\/p>\n<p>[\/et_pb_text][et_pb_text _builder_version=&#8221;4.7.4&#8243; background_size=&#8221;initial&#8221; background_position=&#8221;top_left&#8221; background_repeat=&#8221;repeat&#8221; global_colors_info=&#8221;{}&#8221;]<\/p>\n<h3><\/h3>\n<\/p>\n<\/p>\n<p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":"<p>How to implement zero trust security is a growing focus of organizations across the globe. With cyber attacks frequently hitting some of the largest companies and threatening entire economies, it\u2019s no wonder why comprehensive network security is a top priority among public- and private-sector entities. In this post, we\u2019ll show you what you need to [&hellip;]<\/p>\n","protected":false},"author":5,"featured_media":22730,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"<p><span style=\"font-weight: 400;\">It\u2019s Friday morning, and you\u2019re bringing a new site online with <\/span><a href=\"https:\/\/searchitoperations.techtarget.com\/definition\/zero-touch-provisioning-ZTP\"><span style=\"font-weight: 400;\">zero touch provisioning<\/span><\/a><span style=\"font-weight: 400;\">. Your remote branch devices arrived the night before, and all you want the store manager to do is plug them in. A few minutes later, your job is finished and you\u2019ve still got your entire day left. 
What are you going to do with all your free time?<\/span><\/p><p><span style=\"font-weight: 400;\">This is the picture that\u2019s commonly painted of zero touch provisioning. And why not? When <\/span><a href=\"https:\/\/zpesystems.com\/ztp-vs-manual-configurations\/\"><span style=\"font-weight: 400;\">compared to manual provisioning<\/span><\/a><span style=\"font-weight: 400;\">, zero touch brings drastic improvements and efficiency to deploying networks. Its biggest benefits include:<\/span><\/p><ul><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Helping you deploy sites fast, because it\u2019s a plug \u2018n play solution<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Reducing manual work and errors, because it\u2019s automatic<\/span><\/li><li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Supporting on-demand scaling without bogging down your resources<\/span><\/li><\/ul><p><img class=\"alignnone size-medium wp-image-21448\" src=\"https:\/\/zpesystems.com\/wp-content\/uploads\/2021\/08\/Business-person-using-laptop-300x169.jpeg\" alt=\"Business person using laptop connected to network users and services.\" width=\"300\" height=\"169\" \/><\/p><p><span style=\"font-weight: 400;\">With zero touch, you don\u2019t have to be on site for days or weeks manually configuring individual devices. You also shrink the risk of human error that can unwind all your deployment progress and force you to start over. And when it comes to scaling, it eliminates so many of the shipping costs and technician expenses, and instead lets you spin up new sites in a single day.<\/span><\/p><h1><b>So what\u2019s the problem with zero touch provisioning?<\/b><\/h1><p><span style=\"font-weight: 400;\">The trouble with zero touch provisioning is that it usually comes with hidden obstacles that vendors don\u2019t tell you about. 
Zero touch promises to make deployments quick and easy, but these obstacles can eat up your time savings and make you vulnerable to attacks.<\/span><\/p><p><span style=\"font-weight: 400;\">Here are 3 big drawbacks you need to know about zero touch provisioning.<\/span><\/p><h1><b>Drawback: Zero touch provisioning is limited to one vendor<\/b><\/h1><p><span style=\"font-weight: 400;\">Imagine you\u2019re on location setting up a plethora of devices from different vendors. You plug in your zero touch solution, but you still have to manually configure three other vendor devices that make up your stack. This is the first major drawback to zero touch provisioning.<\/span><\/p><p><span style=\"font-weight: 400;\">For the most part, zero touch is limited to one vendor\u2019s solutions and doesn\u2019t extend to devices or solutions from other providers. This is usually to encourage purchasing multiple solutions from or standardizing on one vendor.<\/span><\/p><p><i><span style=\"font-weight: 400;\">Why is this a drawback?<\/span><\/i><span style=\"font-weight: 400;\"> This is just another approach to vendor lock-in. It limits your freedom when trying to leverage zero touch provisioning, which can be a major drawback especially in custom, multi-vendor environments. When you\u2019re choosing a zero touch solution, consider how much of your stack it can actually automate and how much time you\u2019ll still have to spend on manual provisioning.<\/span><\/p><h1><b>Drawback: Zero touch provisioning isn\u2019t secure<\/b><\/h1><p><span style=\"font-weight: 400;\">What happens if you set up your site with zero touch provisioning, only to discover that your network is already under attack? You wonder how it could have happened, but then you remember all of the preconfiguring required to make zero touch possible. 
This is another major drawback.<\/span><\/p><p><span style=\"font-weight: 400;\">Most solutions do live up to the promise of being \u2018zero touch,\u2019 but only after you\u2019ve performed extensive preconfiguring of your devices. This is a major security concern because you\u2019re loading up your stack with sensitive information about your network. <\/span><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/one-ransomware-victim-every-10\/?__cf_chl_jschl_tk__=e91acc451b339cf2fc3853ce37c8985b78f577c3-1626446900-0-AS17AWrjmhEiTXaSs_9DupzUV_9tBz1dtbIkrkDYNBCrFQc-bEkKJOtj70dXXPQdHK9YUda8NVPFoFB8LCG1vwm7mj-rXUU0ZRO8IWL3s7kGxOQr2GWGHO5fc7HbO8fmMCXYy5jKlTC5xHWQahzfFTOMxoPTmPWzj-lhZtBDfIUSY8T664ifhv0IUKz-PkFw6SlyUZD3O8g1KDJn1CI1qZnbo2xNjmeXqK--4HrwlExRCAaJwH0UN3SrftXSjJzwPHjdPLpR7hO2qPnJ_FPSZRyGsYze3BEVAapw2_O05L7MCi1KXXdiypJcDjaKXA-MVKI-NUwEgBI31hgiqoXSGFpZWUGWQEKYKvHLUHISVZ4EHGJXGEVJr4gvVvQBFcPrLNvsRpfy_hn414JWS9UBA0sYiHmQJa2K26ljRNmKRATUpBhA3MqYqOfhrRqI5ysfFQ\"><span style=\"font-weight: 400;\">Recent reports<\/span><\/a><span style=\"font-weight: 400;\"> show that ransomware claimed a victim every 10 seconds in 2020.<\/span><\/p><p><i><span style=\"font-weight: 400;\">Why is this a drawback? <\/span><\/i><span style=\"font-weight: 400;\">With your network attack surface more distributed now, especially during the pandemic, it\u2019s critical to minimize your exposure to threats. But having to preconfigure your devices for zero touch provisioning makes it easier for you to become a victim. Even if you can keep careful watch over your devices to ensure no physical attacks occur, hackers can easily exploit your systems through something like an open port that one of your employees forgot to close. 
In a nutshell, preconfiguring puts you at unnecessary risk.<\/span><\/p><h1><b>Drawback: Zero touch provisioning limits orchestration<\/b><\/h1><p><span style=\"font-weight: 400;\">The ultimate goal of using zero touch provisioning is to add convenience to deployments and management. You want to save time and effort all around by eliminating manual work. But another major drawback to zero touch is that it puts a limit on how much and how many of your processes you can orchestrate.<\/span><\/p><p><span style=\"font-weight: 400;\">Automation is when you can automate simple tasks, while orchestration is when you can automate entire processes and workloads. Most zero touch solutions allow you to implement a little bit of both automation and orchestration, but limit or simply lack support for orchestrating across devices and environments.<\/span><\/p><p><i><span style=\"font-weight: 400;\">Why is this a drawback? <\/span><\/i><span style=\"font-weight: 400;\">The more manual work you have to perform, the less value you get out of zero touch provisioning. And most solutions require you to manually bootstrap VMs, activate service licenses, run Docker apps, and even update device firmware as new patches are released. Though zero touch might save you time and effort on initial setup, consider how these savings might evaporate in the long run.<\/span><\/p><h1><b>Can you avoid these drawbacks?<\/b><\/h1><p><span style=\"font-weight: 400;\">Imagine you\u2019re setting up a new network. Your environment is tailored specifically to your needs, which includes a custom-built monitoring application, Palo Alto NGFW, data thinning workloads, and a host of other solutions meant to optimize operations. And the best part is, you don\u2019t have to worry about vendor lock-in, security gaps, or limited orchestration. All you need to do is plug in your devices, and the entire environment will build itself in just a matter of hours. 
Everything just works so you don\u2019t have to.<\/span><\/p><p><span style=\"font-weight: 400;\">That is what true zero touch provisioning feels like, and it\u2019s something we\u2019re passionate about at ZPE Systems. That\u2019s why we\u2019ve spent years building zero touch convenience features into our Nodegrid solutions. You don\u2019t have to put up with these major drawbacks any longer.<\/span><\/p><p><span style=\"font-weight: 400;\">Nodegrid\u2019s zero touch provisioning extends across vendor solutions, even to devices that don\u2019t support automation. This means that you can automate and push configurations to whatever you connect to Nodegrid \u2014\u00a0including legacy switches, routers, and other equipment.<\/span><\/p><p><span style=\"font-weight: 400;\">Nodegrid\u2019s zero touch provisioning also eliminates the need to preconfigure devices. ZPE Cloud serves as your repository for configuration files and allows you to remotely push these files to 100% factory-default devices. Physical attacks no longer pose a threat, while built-in security features and alerts automatically block and pinpoint attacks.<\/span><\/p><p><span style=\"font-weight: 400;\">Because Nodegrid OS is Linux-based, it gives you the freedom to orchestrate across devices and environments, with a rich API library and your choice of tools like Ansible, Chef, Puppet, and REST. You can save time and effort on deployments and ongoing management. This means that you can implement a zero touch provisioning solution that automatically spins up VMs, deploys Docker containers, activates service licenses and configures service chaining, updates firmware, and carries out any number of workloads you need.<\/span><\/p><h1><b>Get free resources to help you deploy zero touch provisioning<\/b><\/h1><p><span style=\"font-weight: 400;\">When you\u2019re choosing a zero touch solution, carefully consider how these drawbacks will impact your deployment and management efforts. 
To help you, download <\/span><a href=\"https:\/\/zpesystems.com\/the-definitive-guide-to-zero-touch-provisioning\/\"><span style=\"font-weight: 400;\">The Definitive Guide to Zero Touch Provisioning<\/span><\/a><span style=\"font-weight: 400;\">, and when you\u2019re ready to implement your solution, use our <\/span><a href=\"https:\/\/zpesystems.com\/ztp-checklist\/\"><span style=\"font-weight: 400;\">4-Step Checklist for Setting Up Zero Touch Provisioning<\/span><\/a><span style=\"font-weight: 400;\">.<\/span><\/p>"},"yoast_head_json":{"author":"Jordan Baker"}}