Virtualization Technology News and Information
ScaleFT 2018 Predictions: Zero Trust Moves the Fortune 500 Beyond Network Security

VMblog Predictions 2018

Industry executives and experts share their predictions for 2018.  Read them in this 10th annual series exclusive.

Contributed by Jason Luce, CEO and co-founder of ScaleFT

Zero Trust Moves the Fortune 500 Beyond Network Security

Over the past decade, we've witnessed the rise of cloud computing and mobility, the proliferation of big data and the dawn of artificial intelligence.  As these trends converge, we'll see the rise of new forms of businesses that are automated and decentralized.

Alongside this technology convergence, we've seen the rise of the cyber attack. Massive data breaches result in financial loss while attacks on infrastructure disrupt business. Savvy CEOs, CIOs and CSOs do not want to become the next Equifax, and cyber security has become a booming business as a result.

It's time for a change in how companies view cyber security. Cyber security as medicine, something taken to prevent or remedy a variety of maladies, treats only the symptoms, not the causes. This perimeter-prevention, quarantine approach is modeled after a decades-old architecture, from a time when the corporate firewall and the corporate perimeter were very much aligned. With the advent of cloud computing and mobility, corporate assets often reside outside the corporate perimeter.

The product categories that control access to company resources have traditionally been segmented based on the role of the user. Privileged Access Management products are for administrators who need to log in to infrastructure resources, and Identity and Access Management products are for everyone else logging into company applications.

In the modern cloud era, there's no reason for these product categories to exist independently. They require separate domain expertise, and can lead to confusing silos and security gaps with regard to who should and should not be able to access what, and from where. What we need is a single cloud access management category that streamlines unified access controls across various protocols, regardless of the user and resource type.

The network perimeter remains at the center of most security solutions. Most products are delivered as an appliance that you have to install and manage. Even so-called software-defined solutions miss the mark because they're still centered on the network.

This network-centric focus on security will be further complicated as more industries accelerate innovation and delivery of new services and products, what some are calling Industry 4.0. The promise of Industry 4.0 is on-demand and automated, extending the benefits we already experience with services like the Amazon Cloud to the workforce. It is only a matter of time until the Uber economy is extended to developers and other knowledge workers, but organizations will be unable to take advantage of these economies of scale without the proper security architecture.

Shifting access controls from the network layer to the application layer opens the door for a new delivery model that has become the norm for every other product category except security: SaaS.

Google is already blazing new trails with its BeyondCorp security architecture, which encrypts all corporate assets and moves them to the public internet. Instead of trying to protect the corporate network, decisions are now based on authentication and authorization.

The security benefits of zero trust should not be understated, but there are also marvelous operational efficiencies, such as the elimination of VPNs (and backhauling traffic), which previously created roadblocks for productivity.

The ultimate goal of a zero trust security architecture is to abstract the desired outcome of applications and processes, so they can be synthesized into consumable APIs. In the near term, these APIs will not only enable organizations to securely embrace decentralized hierarchies, but also to implement them into automation workflows. In the near future, cloud native organizations will be the norm. In fact, the erosion of the network perimeter will ultimately lead to the dissolution of organizational hierarchies.

Google is the marquee example of Zero Trust done right, now the envy of enterprises across every vertical for their improved security and productivity outcomes. While it may have taken them a number of years with a dedicated team to achieve the outcome they did, other companies are starting to follow their approach as covered in their research papers. With a paved road, the barrier to entry is much lower.

At least one of the top Fortune companies - I'd go as far as to say the top 10 - will fully deploy a BeyondCorp-style security architecture across their entire organization. We have already seen General Electric commit to implementing similar processes. It won't take as long as Google, and it may not be as vast, but someone will come out and say they also eliminated their need for a VPN, allowing their workforce to be productive from any location.


About the Author

Jason Luce is the CEO and co-founder of ScaleFT. He was previously a senior executive at Rackspace. Prior to that he was an investment banker at Morgan Stanley and Lehman Brothers. He started his career in law with Cravath, Swaine & Moore LLP in New York and London. He holds a JD from Georgetown University and a BA in History from the University of Texas at Austin.

Published Monday, December 04, 2017 7:25 AM by David Marshall