Security architecture for dynamic and decentralized IT-environments
Modern digitalized businesses have embraced decentralization as their de facto mode of operation: users access corporate resources from many locations and devices, and those resources are themselves dynamic and dispersed across the private IT environment as well as hybrid or public clouds.
This is convenient for users and the business, but the constant change in the IT environment is also a gift to attackers and cyber criminals. So what can and should organizations do to keep business operations smooth and the user experience good, while minimizing cybersecurity risk?
One of the most effective approaches is to introduce Zero Trust Architecture (ZTA) into your IT environment. This does not mean rebuilding IT systems or replacing existing technology, but rather redesigning the environment on the assumption that implicit trust is a cyber risk and therefore a vulnerability: no user, device, or workload is trusted simply because of where it sits on the network.
This can be a challenging and expensive exercise, because modern IT environments are also very complex. At NIL we understand the nature of modern businesses and the IT systems that support them, so we developed our own nondisruptive, clear, cost-effective, and manageable methodology for implementing Zero Trust Architecture in complex, multivendor environments.
What is Zero Trust Architecture?
Access control for networks, servers, and files does not end once a user has authenticated to the organization's internal network or established an authenticated, encrypted VPN connection. In modern environments, access rights to data and network segments are granted dynamically, based on the context of each request for the desired information. ZTA describes the security model for perimeterless environments, where users, data, and workloads are spread across on-premises, hybrid, and multi-cloud environments.
ZTA is based on the least-privilege principle: when a protected resource is accessed, only the access that the specific request needs is granted, and the decision is based on the context of the request (who is asking, from which device, in what state, and with what risk signals). This applies to the three main areas of a modern IT environment: workforce, workplace, and workloads. ZTA also specifies that, while authorized parties are trusted with exactly that amount of access, the authorization is continuously re-verified, and access is revoked immediately when the trust is broken.
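The following is an added illustration of the mechanism described above, not NIL's methodology or any vendor's API: a toy policy decision point that evaluates every request against the current context (MFA, device posture, risk score), grants only the exact scope the resource requires, and tears down the whole session when baseline trust is broken. The users, resources, thresholds, and the 0..100 risk-score scale are hypothetical.

```python
"""Context-aware policy decision point with continuous re-verification.

Added illustration, not NIL's methodology or any vendor's API. All names,
resources, thresholds and the risk-score scale are hypothetical.
"""
from dataclasses import dataclass, field
from typing import Optional, Tuple, List


@dataclass
class Context:
    """Signals the enforcement point sees on every request, not just at login."""
    user: str
    mfa_passed: bool
    device_managed: bool     # enrolled in MDM
    device_compliant: bool   # posture: disk encryption on, EDR healthy, patched
    risk_score: int          # 0 (clean) .. 100 (compromised); hypothetical risk-engine scale


# Hypothetical catalogue: the exact scope granted, and the posture/risk each resource requires.
RESOURCE_POLICY = {
    "wiki":       {"scope": "read",  "min_posture": "managed",   "max_risk": 50},
    "payroll-db": {"scope": "read",  "min_posture": "compliant", "max_risk": 30},
    "prod-ssh":   {"scope": "admin", "min_posture": "compliant", "max_risk": 10},
}
# Hypothetical entitlements: which resources a user may be granted at all.
ENTITLEMENTS = {"alice": {"wiki", "payroll-db"}, "bob": {"wiki", "prod-ssh"}}
POSTURE_RANK = {"unmanaged": 0, "managed": 1, "compliant": 2}
GLOBAL_MAX_RISK = 70  # above this the identity itself is no longer trusted


@dataclass
class Session:
    user: str
    grants: dict = field(default_factory=dict)  # resource -> scope currently held
    revoked: bool = False


def posture_level(ctx: Context) -> str:
    if ctx.device_managed and ctx.device_compliant:
        return "compliant"
    return "managed" if ctx.device_managed else "unmanaged"


def baseline_trust_failure(ctx: Context) -> Optional[str]:
    """Conditions under which nothing at all should remain granted to this session."""
    if not ctx.mfa_passed:
        return "mfa required"
    if not ctx.device_managed:
        return "unmanaged device"
    if ctx.risk_score > GLOBAL_MAX_RISK:
        return f"risk {ctx.risk_score} exceeds global limit {GLOBAL_MAX_RISK}"
    return None


def request(session: Session, ctx: Context, resource: str) -> Tuple[bool, str]:
    """Policy enforcement point. Default deny; re-evaluates the full context on every call."""
    if session.revoked:
        return False, "session revoked, re-authenticate"
    failure = baseline_trust_failure(ctx)
    if failure:
        # Trust is broken: drop everything already granted, not just this request.
        session.grants.clear()
        session.revoked = True
        return False, failure
    policy = RESOURCE_POLICY.get(resource)
    if policy is None:
        return False, "unknown resource"
    if resource not in ENTITLEMENTS.get(ctx.user, set()):
        return False, "not entitled"  # ordinary authorization failure; session stays valid
    if POSTURE_RANK[posture_level(ctx)] < POSTURE_RANK[policy["min_posture"]]:
        session.grants.pop(resource, None)  # a grant held earlier is withdrawn, not kept
        return False, f"posture {posture_level(ctx)} below {policy['min_posture']}"
    if ctx.risk_score > policy["max_risk"]:
        session.grants.pop(resource, None)
        return False, f"risk {ctx.risk_score} exceeds {policy['max_risk']} for {resource}"
    session.grants[resource] = policy["scope"]  # exactly the scope needed, nothing broader
    return True, policy["scope"]


def demo() -> List[Tuple[str, bool, str]]:
    """Walk one session through a posture drop and then a risk spike."""
    s = Session("alice")
    healthy = Context("alice", True, True, True, 5)
    edr_down = Context("alice", True, True, False, 5)     # posture drops to "managed"
    compromised = Context("alice", True, True, True, 90)  # risk engine flags the account
    steps = [("wiki", healthy), ("payroll-db", healthy), ("prod-ssh", healthy),
             ("payroll-db", edr_down), ("wiki", edr_down),
             ("wiki", compromised), ("wiki", healthy)]
    return [(res, *request(s, ctx, res)) for res, ctx in steps]


if __name__ == "__main__":
    for res, allowed, why in demo():
        print(f"{res:11} {'ALLOW' if allowed else 'DENY ':5} {why}")
```

The two kinds of denial are deliberately different: a posture drop below what payroll-db requires withdraws that one grant while wiki access (which tolerates a merely managed device) survives, whereas a risk score above the global limit revokes the session outright, so the last request with a healthy context is still refused until the user re-authenticates.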
Vendor-neutral and proven approach to building Zero Trust Architecture
To help customers transform their existing IT environments with ZTA in mind, or to build ZTA-based deployments from scratch, NIL draws on its extensive infrastructure, security, and consulting experience and applies a best-of-breed, vendor-neutral approach to each of these areas.
It is important to realize that addressing ZTA challenges does not have to be an all-or-nothing exercise. A good workplace policy is a great start: allow on-premises network access only to authorized assets, and revoke access from devices whose profile changes. Similarly, for workloads in a public cloud, understanding the contracts between workloads, maintaining and verifying the actual data flows between containers, and automatically blocking unusual behavior lets an enterprise maintain a security policy that is robust yet flexible.
NIL helps customers determine the appropriate areas for ZTA implementation, assists in selecting the methodology, tools, and approach, and provides the consulting services required to achieve the desired ZTA outcomes.
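The workload side of the previous paragraph (learn the contracts between workloads from observed flows, turn them into per-workload allowlists, block anything outside them) is illustrated below. This is an added example, not NIL's or any vendor's code; the workload names, ports, and the NetFlow-like flow records are constructed for the example, and the minimum-observation threshold is a hypothetical design choice.

```python
"""Learn workload-to-workload contracts from observed flows, then enforce them.

Added example, not NIL's or any vendor's code. Flow records are constructed
in a NetFlow-like shape; workload names and thresholds are hypothetical.
"""
from collections import Counter, defaultdict
from typing import Dict, List, Set, Tuple

Flow = Tuple[str, str, int, str]  # (src_workload, dst_workload, dst_port, proto)

# Constructed sample of flows captured during a learning window.
LEARNING_FLOWS: List[Flow] = [
    ("web", "api", 8443, "tcp"), ("web", "api", 8443, "tcp"), ("web", "api", 8443, "tcp"),
    ("api", "db", 5432, "tcp"), ("api", "db", 5432, "tcp"),
    ("api", "cache", 6379, "tcp"), ("api", "cache", 6379, "tcp"),
    ("backup", "db", 5432, "tcp"),   # seen once: not enough evidence to bake into policy
    ("web", "cache", 6379, "tcp"),   # seen once: probably a misconfiguration, not a contract
]


def learn_contracts(flows: List[Flow], min_count: int = 2) -> Set[Flow]:
    """A flow becomes a contract only if seen at least min_count times in the window."""
    return {f for f, n in Counter(flows).items() if n >= min_count}


def ingress_policy(contracts: Set[Flow]) -> Dict[str, Set[Tuple[str, int, str]]]:
    """Per-workload ingress allowlist: dst -> {(src, port, proto)}. Everything else is denied."""
    policy: Dict[str, Set[Tuple[str, int, str]]] = defaultdict(set)
    for src, dst, port, proto in contracts:
        policy[dst].add((src, port, proto))
    return dict(policy)


def evaluate(policy: Dict[str, Set[Tuple[str, int, str]]], flow: Flow) -> str:
    """Default deny: a flow is allowed only if the destination lists this exact source/port/proto."""
    src, dst, port, proto = flow
    return "allow" if (src, port, proto) in policy.get(dst, set()) else "block"


def enforce(policy: Dict[str, Set[Tuple[str, int, str]]], flows: List[Flow]) -> List[Tuple[Flow, str]]:
    return [(f, evaluate(policy, f)) for f in flows]


# Constructed runtime flows, including the kinds of behaviour a contract-based policy should stop.
RUNTIME_FLOWS: List[Flow] = [
    ("web", "api", 8443, "tcp"),
    ("api", "db", 5432, "tcp"),
    ("web", "db", 5432, "tcp"),            # web has no contract with db: lateral movement
    ("db", "203.0.113.10", 443, "tcp"),    # db initiating egress to an external host
    ("backup", "db", 5432, "tcp"),         # below the learning threshold: needs explicit approval
]


def run() -> List[Tuple[Flow, str]]:
    """Learn from the window, build the allowlists, and judge the runtime flows."""
    return enforce(ingress_policy(learn_contracts(LEARNING_FLOWS)), RUNTIME_FLOWS)


if __name__ == "__main__":
    for flow, verdict in run():
        print(f"{verdict:5} {flow[0]} -> {flow[1]}:{flow[2]}/{flow[3]}")
```

The last runtime flow shows the trade-off a learned policy always carries: a legitimate but infrequent job (here a backup) that did not clear the observation threshold is blocked until someone approves it explicitly, which is preferable to silently baking every one-off flow into the allowlist. In a real deployment the same contract set is rendered both as ingress rules on the destination and as egress rules on the source, so that a workload talking to an external host it has no contract with is stopped at the source as well.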
Solution Modules
Deploying ZTA in a customer's environment can be broken down into multiple solution modules, which are combined into a service package matching the customer environment.
Architecture area | Description | Proposed solutions |
Workforce | User identity verification; device trustworthiness verification; risk-based adaptive policy enforcement | Cisco DUO; Microsoft Intune, Azure AD |
Workplace | Device discovery and classification; context-based network access policy; continuous device health monitoring | Cisco ISE; SD-Access with DNA Center; Microsoft NPS |
Workload | Visibility and behavior modeling; per-workload micro-segmentation; real-time workload security posture | Cisco Tetration; Cisco StealthWatch Cloud; Azure |
The solutions listed above represent only the main area-specific building blocks. The final solution architecture is determined after an analysis of the customer's environment and requirements, and can also include technologies from other vendors.
Engagement Process
NIL follows a managed engagement process involving the NIL Project Management Office and a dedicated Project Manager. Our engagement process typically involves the following sequence of events:
- Kickoff workshop and the creation of a Customer Requirements Document.
- Detailed analysis of all the available customer network infrastructure (architecture, implementation, testing, compliance, policy) documentation.
- Detailed scoping of the custom-tailored solution.
- Gathering of information from the target infrastructure. This step is typically highly automated, non-intrusive and does not impact network performance.
- Analysis of the gathered data, execution of specific tests, and deeper inquiries (if required).
- Compilation of prioritized recommendations in both an executive and a technical report.
- Presentation of findings and suggestions for their remediation.
A Trusted Partner
From a cybersecurity perspective, trust is an issue in modern IT environments, but to address it successfully with ZTA you should rely on a trusted partner. NIL builds its trustworthiness on the following core strengths.
Expertise and experience
NIL's extensive experience with building and securing the world's most complex IT environments gives us an edge in understanding customers' current environments and their expansion plans, their security requirements, the processes needed to implement the tools, and the solutions required to protect the various aspects of an IT environment with ZTA in mind.
Nondisruptive approach, transparency, and reliability
NIL's ZTA implementation approach gives organizations peace of mind when tackling a complex multi-platform security implementation project, while providing full transparency and a wealth of knowledge in dealing with the world's most advanced IT solutions.
Cost-effectiveness and speed
By reusing proven designs and methodologies, we have shortened the time needed to introduce ZTA into a new customer environment, which also contributes to cost optimization.