{"id":3032,"date":"2019-09-06T00:16:26","date_gmt":"2019-09-05T21:16:26","guid":{"rendered":"http:\/\/gcp.ideus.com.tr\/index.php\/the-zero-trust-approach-for-the-cloud\/"},"modified":"2019-09-06T00:16:26","modified_gmt":"2019-09-05T21:16:26","slug":"the-zero-trust-approach-for-the-cloud","status":"publish","type":"post","link":"https:\/\/www.ideus.com.tr\/index.php\/the-zero-trust-approach-for-the-cloud\/","title":{"rendered":"The Zero Trust Approach for the Cloud"},"content":{"rendered":"<div>\n<p>By\u00a0<span style=\"font-weight: 400;\">Evin Safdia, Technical Marketing Manager, Prisma<\/span><\/p>\n<p>\u00a0<\/p>\n<p><span style=\"font-weight: 400;\">The term \u201cZero Trust\u201d has been around for almost 10 years, but it has recently picked up momentum as businesses look to proactively protect their data and infrastructure. With the shift to the cloud, Zero Trust is now a philosophy of choice for CIOs and CISOs, who are tasked with protecting their systems from outside attacks as well as from within the organization.<\/span><\/p>\n<p><b>What Is Zero Trust?<\/b><\/p>\n<p><span style=\"font-weight: 400;\">Traditionally, network admins only needed to worry about protecting their organizations from outside threats. But the threat landscape has evolved. From zero-day malware to insider threats, network admins must now proactively protect networks and data to avoid breaches. With this evolution, the Zero Trust philosophy was born.<\/span><\/p>\n<p><a href=\"https:\/\/www.paloaltonetworks.com\/cyberpedia\/what-is-a-zero-trust-architecture\"><span style=\"font-weight: 400;\">Zero Trust<\/span><\/a><span style=\"font-weight: 400;\"> is based on the belief that trust should not be given to anyone or anything, no matter if they are within the network or outside. This \u201cnever trust, always verify\u201d approach enforces least-privileged access in which, once users are authenticated and identified, continuous inspection is implemented on the traffic while the user is connected to the network. Simply assuming that a user connecting to the network and passing authentication requirements is in fact the user and not an attacker is not wise with the recent increase in the number and sophistication of breaches. In fact, a significant portion of hacking-related breaches still involve compromised and weak credentials \u2013 29% according to the <\/span><a href=\"https:\/\/enterprise.verizon.com\/resources\/reports\/dbir\/\"><span style=\"font-weight: 400;\">2019 Verizon Data Breach Investigations Report<\/span><\/a><span style=\"font-weight: 400;\">.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">To fully implement a Zero Trust approach, the following must be considered:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><b>Segmentation: <\/b><span style=\"font-weight: 400;\">Ensure only known, allowed traffic or legitimate application communication is allowed, by segmenting and enabling Layer 7 policy.<\/span><\/li>\n<li style=\"font-weight: 400;\"><b>Access Control: <\/b><span style=\"font-weight: 400;\">Adopt a least-privileged access strategy and strictly enforce access control.<\/span><\/li>\n<li style=\"font-weight: 400;\"><b>Threat Prevention, Investigation and Response: <\/b><span style=\"font-weight: 400;\">Inspect and log all traffic to quickly identify, prevent and respond to threats.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">It is important to remember that secure access is not enough; constant inspection and prevention must be included to successfully enforce Zero Trust across your organization.\u00a0<\/span><\/p>\n<p><b>Extending Zero Trust to Cloud Environments<\/b><\/p>\n<p><span style=\"font-weight: 400;\">As the popularity of software-as-a-service (SaaS) applications and public cloud offerings has grown, so has the complexity of maintaining security and control over the data, traffic and users accessing the cloud. Zero Trust in the cloud requires complete visibility into the cloud apps, the data being stored and who is accessing the data. While securing the cloud may have become more complex, it is important that users are not impacted when accessing the cloud, no matter their location. If there are too many steps for users to gain access to apps or data in the cloud, they will bypass the secure way to access and find alternatives. Secure access is crucial for Zero Trust to work, and it must have minimal impact on users, especially those in remote locations or different offices.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">To extend Zero Trust to the cloud requires security delivered from the cloud. Security from the cloud allows for policy enforcement, better protection and visibility into all internet traffic. By having users and offices connect directly to the cloud, instead of first going through headquarters or firewalls, your network and cloud architecture is simplified, and your overall attack vector is minimized.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">There are several use cases where Zero Trust in the cloud can be applied:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><b>Zero Trust for Private Apps in the Public Cloud:<\/b><span style=\"font-weight: 400;\"> As apps move from on-site data centers to the cloud, secure access is crucial. Managed or unmanaged devices need to have strict policy enforcement, allowing access to necessary apps per the user role, while also maintaining security and protection. You also need to maintain constant visibility into what data is being accessed and by whom.<\/span><\/li>\n<li style=\"font-weight: 400;\"><b>Zero Trust for SaaS Apps:<\/b><span style=\"font-weight: 400;\"> With the rise of popular <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/cyberpedia\/what-is-saas-security\"><span style=\"font-weight: 400;\">SaaS apps<\/span><\/a><span style=\"font-weight: 400;\"> like G Suite, Box and Office 365, collaboration has become easier with employees located anywhere, along with contractors and third-party vendors; but this can lead to unauthorized users having access to data or apps that do not pertain to their job requirements. Securing SaaS apps requires prevention protocols and policy enforcement. Providing employees and contractors different levels of access is important to keep users happy and data secure.<\/span><\/li>\n<li style=\"font-weight: 400;\"><b>Zero Trust for DevOps in the Cloud:<\/b><span style=\"font-weight: 400;\"> Least-privileged access is a key part of Zero Trust. The DevOps team is continuously building and tearing down cloud apps with APIs. However, ensuring those APIs are accessed by the right individuals, and the information being shared is protected, is necessary \u2013 with a granular level of visibility. By enforcing authentication at the security service layer, unauthorized users never have the chance to make an authentication attempt to an API, reducing the risk of attack.\u00a0<\/span><\/li>\n<\/ul>\n<p><b>Zero Trust Is a Strategy Not a Product<\/b><\/p>\n<p><span style=\"font-weight: 400;\">There is no one product that you can bolt on top of your existing security tools to enforce a Zero Trust approach. Zero Trust is a philosophy that must be thoroughly thought out and implemented across the entire organization, including at physical remote sites and users as well as in the cloud. Secure access is one ingredient in the Zero Trust philosophy. Ongoing traffic inspection is necessary to quickly identify and remediate threats. With constant traffic inspection, unusual user behavior and activity can alert network admins to a possible imposter or breach. Building your Zero Trust strategy can benefit your organization with:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Better visibility into data, assets and risks.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Consistent and comprehensive security.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Speed and agility to stay a step ahead of evolving technologies.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Reduction of operational cost and complexity.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Aid in assessment and compliance.\u00a0<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Palo Alto Networks is revolutionizing the way companies transform their cloud security infrastructure. Prisma by Palo Alto Networks \u2013 the industry\u2019s most complete cloud security suite \u2013 provides visibility and secure access into data, assets, apps, users and risks while enabling speed and performance. Prisma consistently governs access, protects data and secures applications as organizations move to the cloud. With Prisma, organizations can apply a <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/cloud-security\/zero-trust-cloud-security\"><span style=\"font-weight: 400;\">Zero Trust approach<\/span><\/a><span style=\"font-weight: 400;\"> to securely connect branch offices and mobile users to the cloud, confidently embrace the use of SaaS applications, and rapidly develop and deploy cloud applications.<\/span><\/p>\n<p><a href=\"https:\/\/www.paloaltonetworks.com\/resources\/whitepapers\/applying-zero-trust-to-cloud-environments\"><span style=\"font-weight: 400;\">Read the white paper to learn more.\u00a0<\/span><\/a><\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.paloaltonetworks.com\/2019\/09\/cloud-zero-trust-approach\/\">The Zero Trust Approach for the Cloud<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.paloaltonetworks.com\/\">Palo Alto Networks Blog<\/a>.<\/p>\n<p><img loading=\"lazy\" src=\"http:\/\/feeds.feedburner.com\/~r\/PaloAltoNetworks\/~4\/eFH3CLyNZj8\" height=\"1\" width=\"1\" alt=\"\"><\/div>\n","protected":false},"excerpt":{"rendered":"<p>By\u00a0Evin Safdia, Technical Marketing Manager, Prisma \u00a0 The term \u201cZero Trust\u201d has been around for almost 10 years, but it has recently picked up momentum as businesses look to proactively protect their data and infrastructure. With the shift to the cloud, Zero Trust is now a philosophy of choice for CIOs and CISOs, who are<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"spay_email":""},"categories":[24],"tags":[141,33,29,27,34],"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/www.ideus.com.tr\/index.php\/wp-json\/wp\/v2\/posts\/3032"}],"collection":[{"href":"https:\/\/www.ideus.com.tr\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ideus.com.tr\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ideus.com.tr\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ideus.com.tr\/index.php\/wp-json\/wp\/v2\/comments?post=3032"}],"version-history":[{"count":0,"href":"https:\/\/www.ideus.com.tr\/index.php\/wp-json\/wp\/v2\/posts\/3032\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.ideus.com.tr\/index.php\/wp-json\/wp\/v2\/media?parent=3032"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ideus.com.tr\/index.php\/wp-json\/wp\/v2\/categories?post=3032"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ideus.com.tr\/index.php\/wp-json\/wp\/v2\/tags?post=3032"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}