Organizations across all industries experienced a surge of ransomware attacks last year as cybercriminals extracted $1.1 billion in payments from victims. To thwart these bad actors and improve network security, the National Security Agency (NSA) released a new cybersecurity information sheet: “Advancing Zero-Trust Maturity Throughout the Network and Environment Pillar.”
As the creator of zero-trust, I’m pleased to see the NSA’s document emphasizes a paramount, yet frequently overlooked element of zero-trust security: segmentation.
I have long advocated that segmentation stands as the fundamental essence of zero-trust. However, in recent years, there has been a noticeable tilt toward the Identity pillar of zero-trust, leaving network security controls vulnerable both on-premises and in the cloud.
As the attack surface expands and the digital landscape grows increasingly interconnected, segmentation of on-premises networks, cloud, multi-cloud, and hybrid environments becomes imperative for organizations to fortify resilience and establish enduring zero-trust architectures.
The NSA also recognizes the importance of "data flow mapping." Flow mapping has been a focal point of my zero-trust advocacy since its early days. Understanding system interconnections is essential for successfully architecting zero-trust environments.
NSA’s document also underscores the significance of network security technologies in establishing a zero-trust environment. Organizations, whether on-premises or in various cloud environments, have largely overlooked the importance of network security controls. I think of network security as the cornerstone of zero-trust, particularly in combating ransomware attacks that jeopardize essential services and disrupt everyday life.
The NSA has reaffirmed this pivotal role of network security, finally granting zero-trust segmentation (ZTS) the recognition it deserves. This guidance should help organizations comprehend the importance of the Network pillar within zero-trust and encourage them to pursue network security technologies as they progress toward implementing a zero-trust architecture.
What lies ahead for zero-trust
As global connectivity grows, the attack surface expands. That’s why it’s imperative for organizations to delineate, map, and fortify their most critical Protect Surfaces within their zero-trust environments.
I hope the NSA’s recommendations convince more organizations to implement zero-trust as they cope with the ever-changing cybersecurity landscape. These zero-trust principles have become mainstream across various industries and organizations of different sizes. As cyber threats evolve, more companies will recognize the need to implement a zero-trust approach to protect their digital assets.
Here are my recommendations for how to implement zero-trust effectively:
I commend the NSA for issuing its latest guidance because it’s a significant endorsement of the effectiveness and significance of ZTS, offering invaluable guidance for organizations seeking to fortify their cyber resilience amid the ever-changing threat landscape. It’s impossible to prevent all cyberattacks, but implementing a zero-trust model will significantly reduce the potential damage and strengthen any organization’s security posture.
John Kindervag, chief evangelist, Illumio