“Zero-Trust”: A Paradigm Shift

In today’s world, enterprises are planning new security methods to protect against threats and breaches emerging within the organization instead of only focusing on preventing outside attackers. Simultaneously, organizations know they need to offer a rich and seamless user experience for employees, partners, and contractors. Given the environment of a more distributed and virtual workforce – and with the exponential growth of sensitive data – enterprises know they need to provide employees with the ability to work securely from virtually any location without the need for a traditional network. This has resulted in a paradigm shift.

The strategic concept of “Zero-trust” originated more than a decade ago, but is now more relevant in today’s world as the traditional network perimeter has disappeared and it is has become increasingly difficult to protect sensitive data in a single network wall. Forward-looking enterprises and organizations started thinking beyond perimeter-based security “Zero-trust” and offering a seamless user experience by developing an ecosystem with integration of relevant solutions:

  • People/User/ Identity: Identity and Access Management, Privileged Access Management Information centric Security, User and Entity Behavior Analytics, gateway etc.
  • Data Security: Data Loss Prevention, Encryption, Threat Intelligence, Security Orchestration and Automation Response, Fraud Risk etc.
  • Modern Network Security across on premises, clouds or bi-model: Cloud Access Security Broker, Firewalls, IPS/IDS etc.
  • Workloads Solutions: Data Loss Prevention, Cloud Security, Cloud Controls, Compliances solutions, monitoring, end point protection, Encryption at rest, Security Operation Center tools etc.
  • Device Management: Mobile Device Management, Unified Endpoint Management, Endpoint Detection Response, Public Key Infrastructure, Patch Management etc.

Overall, the “Zero Trust” model will not prevent a compromise, but can help prevent breaches. Implementing and operating in the “Zero-trust’ mature model is not a one-time implementation. It requires  continuous learning in a multiple aspects like day to day network protection, Identity trust establishment, discovering and gaining visibility of devices, ensuring dynamic tiers of trustworthy devices, adaptive and risk based policy enforcement and secure application access.

About the author

Ravi Kumar Soni is currently a member of the product management group in Broadcom’s security and integration division, responsible for the strategy and direction of the Identity & Access Management product portfolio. He has close to 20 years of software industry experience, spanning various roles and verticals. He has spent the last 3 years in product management, in the field of Cyber Security and IAM, responsible for defining products for the Fortune 1000 customer base. Prior to cyber security he worked in software engineering in various domains such as managed file transfer, business rule engine, core network and kernel programming and protocol implementation on multiple platforms including mainframe. Ravi Kumar Soni is currently based out of Broadcom’s Hyderabad office.