eWEEK SPECIAL REPORT: Part 2 of the eWEEK series “The Home as Enterprise Branch” focuses on zero trust as a key component in next-gen security.
Within the confines of a personal residence, there is normally a modicum of trust involved with those who share rooms together–whether it’s a family, a group of friends or another team of humans. After all, they have to share the kitchen, bathrooms, common living areas–and many times, online access to networks. And when apps such as gaming, business, personal finance, and others are sharing the same connection, serious issues can quickly develop.
Here in 2021, when it comes to the online security of networks that connect to an enterprise or multiple enterprises, zero trust is the most important trend for business. Nothing personal against anyone; it’s all about the safety of the business data, and humans are by far the weakest link in any chain.
Definition: Zero trust is a security concept that requires all users, even those inside the organization’s enterprise network, to be authenticated, authorized, and continuously validating security configuration and posture, before being granted or keeping access to applications and data.
Zero trust: Not a hard concept to understand
“The concept of zero trust is relatively easy to understand,” wrote networking analyst and eWEEK contributor Zeus Kerravala. “The internet was designed on the principle that everything can talk to everything, which is why it works so well but enables threat actors to find one point of entry and have access to the entire company network. Zero trust flips the internet model by mandating that nothing can talk to anything else unless explicitly allowed. This is easy to understand but very difficult to deploy.”
Companies that include VMware, Aruba, Zscaler, CrowdStrike, Palo Alto Networks, Microsoft, Netskope, McAfee, Awake, Akamai and others have first-rate zero-trust processes embedded in their security ware, and not a moment too soon. Zero trust, often utilizing two-factor authentication, is rapidly becoming an effective shield against bad actors across many vertical business segments, and the good PR about it is spreading quickly.
“Remote network security starts for VMware as part of the Anywhere Workspace umbrella,” said VMware executive Abe Ankumah, founder and former CEO of Nyansa, which was acquired by VMware in 2020. Nyansa developed an analytics-powered, software-defined and self-healing virtual cloud network that connects clients to containers in distributed enterprises.
Replacing conventional VPNs
“One of the core pieces that VMware is focused on delivering is around solving the zero-trust network access problem,” Ankumah (pictured) told eWEEK. “Zero-trust network access really looks to bring what was traditionally solved by VPNs (virtual private networks) when people were only accessing applications within the enterprise’s own data center.
“But in a world where applications can be anywhere, and users can be anywhere, zero-trust network access solves two things: It really addresses the security problem that VPN isn’t adequately scoped to solve. And it also does it with a perspective of putting the user experience of the end-user or the employee as a fairly critical part of it.”
VMware claims that its zero-trust components secure the distributed edge with broad and effective security. This enables any user to access any app from any device. The Anywhere Workplace, launched recently, combines network security to the edge with endpoint security and management. It all can be controlled and monitored by the enterprise admin.
Good user experience is an important factor
The user experience is a huge part of this, Ankumah said. After all, few people will use any type of application–let alone security–if it isn’t simple and easy to navigate.
Cybercriminals continue to become more sophisticated and will take any opportunity—especially a global pandemic—to do their dirty work. In its Digital Defense Report, Microsoft notes the growth in identity-based and ransomware incidents and the expansion and evolution of internet of things (IoT) threats.
Much is at stake because when bad actors penetrate networks and hijack accounts they can access potentially priceless data, harm reputations and bring businesses to a halt. This gives all organizations a good reason to take steps to protect themselves from such threats. Zero trust is fast becoming a top-tier requirement for companies of all sizes.
Key players in this market
Companies with a percentage of their employees who are working remotely–and that’s a high number in this pandemic time window–should be aware of the following 12 service providers and their security packages.
Part 2: Enterprise Security at Home: Remote Access Options
In no particular order:
VMware: See above
Aruba: Edge-to-cloud security
iBoss: SASE and Zero Trust
SecureLink: Remote location security
Zscaler: Zero Trust Exchange Framework
Palo Alto Networks: Has been providing network-to-branch security since 2011
CrowdStrike: Focuses a lot on human interaction in remote security.
Microsoft: Azure Sentinel, Microsoft Threat Experts
McAfee: AI a big feature in this platform
Netskope: Ransomware protection in the cloud
Awake: Partnership with Arista a major deal
Akamai: Intelligent edge platform
For more information from the extensive eWEEK security library, on this topic, go here.