consignment Commissions: Like most IT leaders, you face two uncomfortable realities. First, external and internal cybersecurity threats are proliferating from individual, independent groups, and nation states. Second, the operating model of computing is becoming more complex as its tentacles spread across multi-cloud environments.
That makes it infinitely harder to shield yourself from your previous reality. With so many distributed devices, software and network access points, perimeter defense is no longer a viable option.
Rather, complex multi-cloud environments require a zero-trust approach to protecting data. A central tenet of Zero Trust is that there are perimeters, and the increasing sophistication of attacks and the increasing circulation of digital assets require a “never trust, always verify” attitude to cybersecurity.
Best practices for building a Zero Trust strategy are well understood and rigorously documented. To better understand how to implement this comprehensive defense, it’s important to consider the range of modern computing environments.
Multicloud sprawl
If a company’s IT profile is similar to that of other companies, software workloads will run on on-premises equipment as well as a mix of public and private clouds. Maybe you run assets in a colocation facility or at the edge.
If you’re presiding over such a hodgepodge, chances are you’re also managing a cybersecurity profile of nightmare complexity littered with disparate protocols and security keys. As a result, most organizations struggle with data protection.
According to the Dell Technologies Data Protection Index, 72% of 1,000 IT decision makers cite their inability to discover and protect dynamically distributed data generated by DevOps and cloud development processes. Overall, 67% of those surveyed said they were unsure of their ability to adequately combat ransomware and malware attacks.
Functionally, Zero Trust in a multi-cloud environment is similar to the security protocols people encounter as they move through airports en route to their destination.
People present their ID and pay for baggage inspection with credit or debit cards. They are then scanned in several different ways (obvious and unobtrusive) as they go through the screening process. Airport officials and federal security agencies work together to authenticate passengers fairly rigorously.
Zero Trust is similar to airport security processes, but at exponential scale and a wider digital footprint. In sprawling hybrid and multi-cloud environments, data is stored in many different locations, with each system leveraging its own security protocols.
Solving these challenges in diverse environments is difficult. Extending the airport analogy, you might even say it’s akin to replacing an engine on a jetliner in the air.
Fortunately, the U.S. Department of Defense provides a blueprint for seven pillars, a robust Zero Trust strategy defense. Those doctrines include:
Defense is multi-layered and persistent
user. Continuously authenticate, access, and verify user activity patterns to manage user access and privileges. This helps protect and ensure security for all interactions.
device. Perform real-time inspection, assessment and patching of corporate-issued laptops, PCs and other work devices and notify all access requests.
Applications and workloads. Monitor and protect all software assets including applications, hypervisors, virtual machines and containers.
data. Data at the heart of the DoD pillar is the great glue that binds all corporate assets together. If it contains important data, you risk losing your corporate kingdom. You need complete transparency and visibility across all your data, protected by infrastructure, apps, standards, encryption and data tagging.
network and environment. Segment, isolate, and control your network with fine-grained policies and access controls.
automation and orchestration. Define processes and policies that automate security responses enabled by artificial intelligence (AI) and machine learning (ML) to ensure remediation based on intelligent decisions.
Visibility and analytics. Vast multi-cloud estates require software watchers to watch for anomalous behavior. Implement tools that analyze and generate context for all events, activities, and behaviors. It also uses AI and ML to improve detection and reaction times when making access decisions.
How Zero Trust Secures Multicloud Environments
Applying these Zero Trust pillars will lead to a multi-cloud ecosystem where application workloads are intentionally allocated across on-premises, public and private clouds, co- and edge devices based on factors such as performance, security and cost. Important when formulating a design strategy. .
Classify your applications and data. Segment your network to divide your assets into smaller pieces and limit the spread of malware. Incorporate strong encryption and continuous monitoring. We then implement access controls based on the principle of “least privilege”, granting users access to the assets they need to do their jobs.
Models include backup and recovery services that help you geolocate lost or stolen devices, remotely wipe devices if necessary, and recover devices from snapshots. And in the event of a breach, a good cyber recovery system can help remediate compromised data in digital vaults that are isolated, immutable, intelligent, and have critical access control constraints.
Applying multiple security measures built into the Zero Trust model to a purposeful multi-cloud strategy ensures that your organization’s data and applications are protected across complex distributed environments.
Above all, remember the key adage, “never trust, always verify” as you incorporate Zero Trust into your multi-cloud strategy.
Learn more about our portfolio of cloud experiences that deliver simplicity, agility and control as a service.
Dell Technologies APEX
.
Sponsored by Dell.
