The BTN recently partnered with HashiCorp, global leader in infrastructure automation for multi-cloud environments, for an exclusive roundtable with executive technology leaders, focusing on the role of Zero-Trust within organisations.
The role that security plays within organisations has evolved exponentially due to the rise in remote working and employees utilising devices that wouldn’t historically have been connected to organisations’ environments. The migration to cloud environments across industry has resulted in organisations having to rethink how they secure applications, infrastructure and, ultimately, their data.
The session was led by HashiCorp’s Field CTO, Guy Sayar, who took the attendees on the journey of looking at the impact of implementing Zero-Trust across an organisation’s culture, security practices and tooling.
The conversation started with the role of perimeters: the definition is evolving from static perimeters to dynamic perimeters, and the practices and tools that organisations currently use need to be brought into the modern way of doing things.
Zero Trust is not a product solution, it is a roadmap and a strategy
The group introduced the topic by talking about the need to bring your people on a journey to zero trust. This isn’t necessarily a technology solution but a security mindset, whereby creating a roadmap for your organisation and creating a strategy for your security goals will form your transformational journey.
Your people have set ways of working and believe that things operate in certain ways, but the pandemic has helped to change mindsets and bring security to the forefront of the conversation at management level. For example, a couple of the group spoke about how much easier it has become to convince the organisation to use MFA for all applications, with significant progress made towards using DF when in the office, as well as outside the office.
Implementing aspects of Zero Trust can create a false sense of security
Zero Trust operates effectively not within a silo but as part of an ecosystem where all four pillars (machine authentication and authorisation, machine-to-machine access, human authentication and authorisation, and human-to-machine access) have been taken into consideration. A false sense of security can occur if organisations start to believe that they have implemented zero trust, yet only focused on 1 or 2 of the pillars.
All aspects of the infrastructure, people and machines alike, need to be authenticated and given identities; encryption therefore needs to be embedded in everything and anything.
Legacy applications and infrastructure formed a large part of the discussion, with the group being fully aware of the variety of technologies they have within their suite. Guy spoke about the role of a blended approach across the 4 pillars and about enabling multi-cloud flexibility to deliver scalable, dynamic security across clouds.
Applying Natural Behaviour to IT
In a world where we start to rely on technology having the solution, taking a step back and applying natural human behaviour to the situation will put your technology back in perspective.
Examples were discussed, such as the idea that location should have no bearing on whether access is denied or granted. How can we continue to manage identity, and how do we verify all aspects of the infrastructure? Zero trust is not one solution or one standard but a philosophy. How do we anchor the identity to each service that a specific person wants to access?
IT colleagues need to understand there are no secure boundaries anymore, regardless of whether they specifically work in security-based roles. You must always verify; there can’t be trust in the technology.
Bringing your people on a zero trust journey isn’t a ‘switch on’ task, but zero trust brings significantly more benefits than simply ‘not being hacked’. It can also benefit your high availability. Zero trust can really mean zero downtime. Never trust, always verify.
About HashiCorp
HashiCorp is the leader in multi-cloud infrastructure automation software. The HashiCorp software suite enables organisations to adopt consistent workflows to provision, secure, connect, and run any infrastructure for any application. HashiCorp’s open-source tools Vagrant™, Packer™, Terraform, Vault, Consul, and Nomad™ are downloaded tens of millions of times each year and are broadly adopted by the Global 2000. Enterprise versions of these products enhance the open-source tools with features that promote collaboration, operations, governance, and multi-data centre functionality.