With cyberthreats becoming more frequent and sophisticated by the day—and network endpoints increasing due to remote workforce trends and corporate BYOD policies—companies are making advanced security a top priority. As a result, there’s increasing emphasis on implementing zero-trust network architecture.
What is a zero-trust network?
Zero-trust networks are built on an IT security model that requires strict identity verification for every user and device that tries to access resources on it—regardless of whether they sit within or outside the network perimeter. All activity is inspected and recorded to detect abnormal behavior.
A zero-trust network also adheres to the principle of least-privilege access: giving users only as much access as they need and minimizing their exposure to sensitive network resources.
Zero-trust network architecture is not associated with any specific network technology. It incorporates several different principles and technologies, including:
How to start implementing zero-trust network architecture
- Microsegmentation—This involves dividing security perimeters into small zones to maintain separate access for different parts of the network. That way, a user who has access to one zone won’t be able to access another zone without separate authorization.
- Multi-factor authentication (MFA)—This is the process of requiring more than one piece of evidence to authenticate a user’s identity. Entering a password is not enough. In two-factor authorization (2FA), for example, users must enter a code sent to another device, such as a mobile phone.
One of the major challenges to implementing a zero-trust network is the lack of out-of-the-box solutions. While there are some tools available, they’re only partial solutions and aren’t sufficient to secure an entire network. Implementation of a true zero-trust network takes time and should be considered a long-term process. For large, complex IT environments, it may take many months.
The first step is to do a thorough analysis of your customer’s network, including network hardware, services and traffic, followed by securing everything. Ingram Micro offers network assessment services you can leverage if you don’t have the expertise or resources to conduct such analysis on your own.
Here are other steps your customers should take:
- Stop deploying unauthenticated services and make sure all future deployments are zero trust-compliant.
- Start building security controls—host-based firewalls—around data and applications.
- Implement microsegmentation based on such criteria as user, user location and other factors. Using these criteria, you can set up policies of whether to trust a user, machine or application seeking access to a part of the network.
Zero-trust networks are the gold standard in advanced security and a long-term goal your customers should work toward. To learn more, contact your Ingram Micro sales rep who can put you in touch with a security expert.