Since the beginning of the pandemic, the nature of and targets for cyberattacks have rapidly shifted from mere data and applications to critical infrastructure such as gas pipelines and food suppliers. Additionally, organizations that have been greatly impacted by the pandemic, including healthcare and educational institutions, have become more specifically targeted by threat actors. As this new threat environment spans both the digital and physical worlds, employing a Zero Trust security strategy is now more critical than ever. In fact, after the latest string of attacks during the first half of 2021, President Biden issued an executive order aimed at improving cybersecurity for both public and private organizations. The order emphasized the importance of a Zero Trust approach.
A10 Networks has enhanced its solutions to help customers meet and accelerate their Zero Trust strategies. Zero Trust eliminates implicit trust from information technology systems, and is embodied by the maxim ‘never trust, always verify.’ It recognizes that internal and external threats are pervasive, and the de facto elimination of the traditional network perimeter requires a different security approach. Every device, user, network, and application flow should be checked to remove excessive access privileges and other potential threat vectors. Multi-layered protection should incorporate controls, from i) foundational visibility into encrypted traffic streams to stop infiltration from ransomware, malware, and other common attacks, ii) application workload protection through segmentation and advanced user authorization and verification, and iii) sustainable user training in best practices to minimize risky behaviours.
Zero Trust has become a major initiative for many organizations. Gartner® observes, “the term “zero trust” has value as a shorthand way of describing a paradigm where implicit trust is removed from all of our computing infrastructure. Implicit trust is replaced with explicitly calculated, real-time adaptive trust levels for just- in-time, just-enough access to enterprise resources.”[