Zero Trust: From Network Access for Enterprise Security | HCLTech

The evolution of Zero Trust: From network access to critical enterprise resources

Zero trust has evolved from being a network access architecture to a holistic security architecture and is now a critical component of any cybersecurity strategy
 
Nicholas Ismail
Global Head of Brand Journalism, HCLTech

Zero trust is a security framework that requires all users, whether internal or external, to be continuously authenticated and authorized on an organization’s network. It works on the premise that no device and no user behind the device should be trusted.

“Never trust and always verify,” confirms Prashant Mascarenhas, Vice President - Cybersecurity & GRC Services at HCLTech, speaking at the RSA Conference.

Fundamentally, the zero-trust model means that the identities of the users are always verified and authenticated at every layer of different enterprise resources, without creating friction in the organization and while reducing risk.

“From an evolution standpoint, zero-trust is at a point of controlling application and data access— critical enterprise resources,” says Mascarenhas.

With this evolution, the framework is now gaining significant traction, with Gartner predicting that by 2026, 10% of large enterprises will have a mature and measurable zero-trust program in place, up from less than 1% today.

The focus now is on how organizations can embed and implement an effective zero-trust framework.

Embedding a zero-trust framework

The first step in embedding an enterprise-wide zero-trust framework is to establish a zero-trust strategy that balances frictionless work and risk mitigation. According to Gartner, this should be led by the Chief Information Security Officer (CISO) and risk management leaders.

Crucially, it shouldn’t be forgotten that the foundation of zero-trust is identity. To effectively ensure controlled network and now application and data access, Mascarenhas recommends implementing a “strong identity access management architecture, which will help organizations move away from traditional role-based access models to attribute-based access models that can be used to make contextually relevant decisions”.

At the same time, he says that at the network layer, “organizations should shift from traditional network access controls to policy-based remote access and device context-based policies, which can be applied on the network in real time”.

He adds: “Static policies can be broken, but dynamic policies, which are computed using attributes coming out of telemetric data from the network and applications, can drive a higher level of security with the end aim of protecting data.”
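The contrast between a static role-based check and a dynamic attribute-based decision can be shown in a few lines. This is an added example, not code from HCLTech or Gartner; the role, resource, attribute names and thresholds are assumptions chosen for illustration.

```python
from dataclasses import dataclass, replace

# Constructed sample data: the role, resource, attribute names and thresholds
# are assumptions for illustration, not values from the article.
ROLE_GRANTS = {"finance-analyst": {"ledger-db"}}

@dataclass(frozen=True)
class AccessRequest:
    role: str
    resource: str
    sensitivity: str        # "low" or "high" (data classification)
    mfa_verified: bool      # identity signal
    device_managed: bool    # device context
    patch_age_days: int     # device context from endpoint telemetry
    network_risk: float     # 0.0 (clean) to 1.0 (hostile), from network telemetry

def rbac_allows(req):
    """Static role-based check: the role alone decides."""
    return req.resource in ROLE_GRANTS.get(req.role, set())

def abac_decide(req):
    """Per-request decision over identity, device and network attributes."""
    if not rbac_allows(req):
        return "deny", ["role has no entitlement for this resource"]
    reasons = []
    if not req.device_managed:
        reasons.append("unmanaged device")
    max_patch_age = 14 if req.sensitivity == "high" else 45
    if req.patch_age_days > max_patch_age:
        reasons.append(f"patches older than {max_patch_age} days")
    if req.network_risk >= 0.7:
        reasons.append("high-risk network")
    if reasons:
        return "deny", reasons
    if not req.mfa_verified or req.network_risk >= 0.4:
        return "step-up", ["re-authenticate with MFA"]
    return "allow", []

def evaluate_samples():
    """Same user and role in three contexts; only the telemetry changes."""
    office = AccessRequest("finance-analyst", "ledger-db", "high", True, True, 3, 0.1)
    samples = {
        "office": office,
        "hotel-wifi": replace(office, network_risk=0.5),
        "stale-laptop": replace(office, patch_age_days=30),
    }
    return {name: (rbac_allows(r), abac_decide(r)[0]) for name, r in samples.items()}

if __name__ == "__main__":
    for name, result in evaluate_samples().items():
        print(name, result)
```

The role check returns the same answer in all three contexts, while the attribute-based decision moves from allow to step-up to deny as the device and network signals change.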

In deciding where to implement the first rollout of zero-trust, Gartner recommends protecting the most critical assets, as this will yield the greatest return on risk mitigation.

It should be noted that zero-trust doesn’t represent a silver bullet. It’s a crucial component of developing a holistic cybersecurity strategy and key in helping reduce risk, but it must be combined with other threat detection technologies and frameworks.

The cybersecurity mesh

Gartner has referred to the future of security architecture as the cybersecurity mesh. This emerging architecture aims to consolidate all composable and distributed security tools to reduce complexity and improve an organization’s overall cybersecurity posture.

“The cybersecurity mesh incorporates individual security technologies and integrates them together for a unified policy across the entire landscape,” says Mascarenhas.

In this consolidated environment, zero-trust enables organizations to take network, application and data access controls and apply them across the entire landscape, including the devices, policies and tools that are being brought together under the cybersecurity mesh.

A trusted partner

Explaining how HCLTech can help organizations deploy zero-trust solutions, Mascarenhas says: “HCLTech is well poised to support our enterprise customers in deploying zero trust solutions. We have built mature practices and have a very large infrastructure, cloud, application and data security practice.

“In recent times, we've invested in taking our knowledge of IT security and applying it to OT environments and we have significant experience in governance, risk and compliance, both from an internal compliance standpoint on security policies and for regulatory compliance that enterprises need to meet.

“We also have a strong foundation for delivering Identity Access Management, which underpins zero-trust.”

Ultimately, a strong security posture with resiliency built in by design will help organizations drive business growth by reducing cyber risks.

“HCLTech continues to make investments in this space, and we work very closely with our customers to partner with them through that journey,” says Mascarenhas.
