Zero Trust and DevOps, two paradigm shifts that will also fundamentally change your cyber security. In this blog post, we will show you how much these two approaches complement each other and what benefits you can derive from them.
The continuous digital transformation of the world is advancing and has a profound effect on everyday life. The most visible effect is the evolution of end devices - from the classic corporate desktop computer, to corporate notebooks, to BYOD and tablets.
In parallel, we are seeing an evolution of the applications installed on these devices. In the age of the desktop computer, client-server architectures were the norm. With the advent of browser technologies, the majority of business functions disappeared from the end device (client) and were replaced by web portals. Today, some of the logic is being shifted back to the client in the form of mobile apps and browser-based single page applications. These apps are simply distributed and sold via app stores. The server is no longer called portal but resource and REST is the preferred protocol to interact with these resources.
At the same time, operating models have also changed. Today, computing resources are also used as a service and companies are moving some or all of their IT services to the cloud. This involves some loss of control over the infrastructure and its maintenance, as operational control is delegated to the cloud infrastructure provider. All of this leads to the need to create new risks and threats to organisations, redefine 'trust' and rethink cyber security.
Zero Trust - who can still be trusted?
Initially, the classic "castle and moat" concept was considered sufficient to protect the perimeter of the internal network and accept everything and everyone on the internal network as "trustworthy". Today's security best practice recommends an architecture that shifts access control from the perimeter towards the services. This means that access control is carried out by the application itself or by a security component that is directly in front of it. The question here is which security tools are best suited to manage the shift to a Zero Trust architecture. Zero Trust is a fairly modern concept and an approach that changes cyber security from the ground up. Instead of trying to protect an internal and secure trust zone from malicious outside attackers, Zero Trust dictates that every single request is considered untrustworthy until proven otherwise. What exactly is meant by this and why the change to a Zero Trust architecture does not happen overnight has already been described in an earlier Infoguard blog post.
DevOps - Respond faster to customer demands…
In the increasingly digital and software-based world, the success of a company also depends on how quickly (and securely) services can be developed and delivered. DevOps can pave the way for this. DevOps is a second paradigm shift in addition to "zero trust". It challenges corporate structures with separate responsibilities for networks, storage, operating systems and applications. This shift is accelerated by the move to the cloud, because the entire infrastructure operation is outsourced. Cloud providers are providing more services for integration into applications and tools to enable the development and automatic installation of applications. In essence, the cloud provider enables the shift to DevOps by providing services for developers and DevOps to build on to be able to fully focus on implementing business functions.
But DevOps is also symbolic of a new culture of departments working together, which historically had rather different goals: software development needs to be agile, creative and on the pulse of technological development in order to constantly deliver new features. In contrast, IT operations is focused on stability, security and reliability. DevOps now attempts to unite precisely this apparent contradiction between agility and stability. As a logical further development of agile software development, DevOps aims to involve the entire value chain in an interdisciplinary way and to break down existing silo thinking in order to ultimately deliver better and more reliable solutions for customers.
Practical implementation of zero trust and DevOps
The days for perimeter-only security are over. Zero Trust and DevOps require changes in the company as well as new tools like Microgateways to implement. It also requires a lot of effort to migrate a large enterprise network. The existing solutions for perimeter security will not be replaced. Their function is upgraded from merely an everyday role to a strategic position in the overall defence system. The benefits a company gains with a Zero Trust architecture, both technically and operationally, are enormous. Therefore, now is the time to start the first project and take the first step towards Zero Trust. You are sure to find valuable information on this in our whitepaper - set off on the Zero Trust journey.
Zero Trust is a journey
The digital transformation of the world continues to progress, and it is profoundly affecting private life and job profiles in a manner that was hard to imagine just a few years ago.
In this paper, we discuss the effects of ongoing digitization and how it affects modern information technology in general and information security in particular.
You see: Following the Zero Trust and DevSecOps paradigms brings numerous benefits. A happy CISO and an agile deployment process, which in turn leads to a shorter time-to-market of innovations. But putting all this into practice is not trivial, even if you only have one environment. In the coming week, we will show you how you can still succeed with practical examples.
This is a guest post from Infoguard.