To get zero trust right, security teams need to ensure they achieve deep observability from cloud to core says Mark Coates. Here he explains what deep observability is and its role in zero trust.
In response to the exponential rise in ransomware and other cyber threats, zero trust architecture has become a well-regarded solution to protecting both on-premises and the cloud. In fact, while only 51 percent of IT and security professionals in EMEA claimed to be comfortable implementing zero trust in 2019, that number rose significantly to 83 percent in 2022.
Put simply, a zero trust architecture removes the implicit trust that’s given to internal network traffic, users, or devices. With this defence / defense in depth approach to security, businesses can improve both productivity and resilience, as systems run more efficiently and downtime can be reduced. However, to get zero trust right, security teams need to ensure they achieve deep observability from cloud to core.
Why zero trust matters
Implicit trust within the tech stack can be a huge liability for organizations. IT teams often struggle to implement the appropriate trust measures; they usually take for granted that the organization owns the system, the only users are employees, or the network used to be secure. But these measurements of trust are not adequate. Trust based on assumption is leaving organizations vulnerable and open to risk. For threat actors, these negligent metrics of trust can be used against an organization, enabling network infiltration and data breaches.
A zero trust framework eradicates any implicit trust and instead analyses whether an organization should allow access for each individual case. With bring-your-own-device (BYOD) strategies so prominent following the rise of remote and hybrid working, it is more important than ever before that trust is earned rather than freely given. Everything should be considered a potential threat until proven otherwise.
However, it’s not a simple nor quick architecture to implement. There are many components to zero trust and most organizations are still at the very beginning of their journey. Micro-segmentation, for example, is an essential part of zero trust. It provides the ability to control workloads in a data centre or a multi-cloud environment with granular policy controls and restricts the spread of lateral threats. Yet it is only one element in a wider defence in depth strategy. To make it all possible, IT and security teams need absolute visibility and insight into what is happening across their infrastructure
The role of deep observability
Deep observability is the addition of real-time network-level intelligence to amplify the power of metric, event, log, and trace-based monitoring and observability tools in order to mitigate risk. With it comes increasing intelligence to bolster an enterprise’s security posture – because if threat actors can bypass endpoint detection and response tools or SIEMs, they will leave behind a trail of metadata that deep observability allows security teams to analyse. It is therefore critical in supporting a comprehensive zero trust strategy.
Ultimately, zero trust’s main goal is to discover and classify all devices that connect to the network - not just those with endpoint agents installed and operational - and to strictly enforce a least-privilege access policy based on a granular analysis of the device. This is impossible to do for assets, devices, users, and traffic that you cannot see.
Security teams who combine zero trust and deep observability will be best placed to prevent cybercriminals from infiltrating their network and therefore to ensure the continuity of their business. With cybercriminals becoming increasingly sophisticated, and attacks being much more strategic, this holistic visibility is essential in helping organizations reduce risk. Adversaries will no longer be able to hide behind blind-spots and operate undetected.
Looking to the future
Today’s technology landscape demands change and reliability for the future. The very nature of cloud-based applications and the expansion of SaaS (software-as-a-service), combined with the hybrid working model, means that zero trust is becoming increasingly popular for businesses concerned about becoming ransomware’s next target. However, if organizations are going to commit to this security initiative, they need a strategy in place to help them get there. Discussions in boardrooms need to continue, and IT and security teams should be putting plans in place that span the coming five years and realistically reflect the challenges security teams face in their day to day.
It's no secret that ransomware now presents businesses with one of the biggest enterprise risks of our generation. Zero trust enabled by deep observability will be crucial to ensuring business continuity in 2023 and beyond.
The author
Mark Coates is VP EMEA, Gigamon
