SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers

Video: 10 Minute IT Jams - SonicWall manager dissects zero trust security

Wed, 5th May 2021

Zero trust security is on the rise. And for Yuvraj Pradhan, Head of Pre-Sales for APAC at SonicWall, it's not a passing trend but the future foundation of effective cyber defence.

"Zero trust means different things for different people, but in a nutshell, it means trust no one and verify always," Pradhan said. He was speaking as part of an industry discussion about the way cyber threats have exposed the limits of traditional security models, and the urgent relevance of zero trust in 2021 and beyond.

Zero trust security, Pradhan explained, overturns the long-standing notion that anything inside an organisation's network perimeter is automatically safe. Historically, "anything which is outside the perimeter is untrusted and unsafe whereas anything which is inside the perimeter is trusted and deemed safe," he said. "But over the years, what we've seen is this approach has fallen flat, and time and again we've seen breaches happening across the globe. So the trust model is broken."

Zero trust, then, starts from the assumption that breaches will happen - and every user, device and network must be treated as untrusted until fully verified. "On a fundamental level, what zero trust does is it helps on the basis of assuming that the system will be breached and that we have to design our architecture assuming that there is no perimeter," Pradhan said.

He summed up the three key principles of the approach: "Number one, we need to provide secure access and authenticate access to all our resources. Secondly, we have to log everything. And the third thing is that it should be based on something called least privileges."

The surge in zero trust's popularity over the last year is no accident. The pandemic forced millions into remote work, exposing gaps in perimeter-based security and accelerating cloud adoption. But Pradhan argues zero trust is here to stay, irrespective of pandemic-induced work patterns. "Zero trust was there before the pandemic, it's been here for quite a while now, and I think it will still be relevant because we'll still have users either working from home or working from office," he said.

Looking ahead, Pradhan predicts a hybrid future for work - and a key role for zero trust. "Most enterprises will follow something called a hybrid model where we will have some users working from home and some users working from the office. Zero trust will help provide strict restrictions and verify whether that particular user is trusted or not, irrespective of whether the user is within the network or outside the network."

He is also emphatic that zero trust does not mean the death of perimeter security. Instead, it is a shift in mindset and a more holistic framework. "Zero trust is not a product or a technology; it is a philosophy or a concept," Pradhan explained. "From a zero trust perspective, it is a framework where perimeter security will be part of the architecture. In addition to perimeter security, we need to look at how do we protect identity, data, user, application, and the cloud."

Enterprises, he said, must begin by understanding their "protect surface"—identifying what resources, data, and applications need protection and mapping how they interact. "After we do that, we need to understand the data flow, the application flow - who's talking to whom - and based on that, we want to build an architecture, whether using existing technologies or adding new ones to complement what is already there." The final steps, Pradhan said, are to enforce, maintain and monitor the new architecture, which in turn helps "provide more secure environments for the workers."

The future for zero trust, according to industry research he cited, is bright. "It is expected by 2026 the zero trust market will reach about 54.6 billion dollars, with a year-on-year growth of about 18 per cent," Pradhan said. "Starting from 2021, we will see more and more growth in zero trust." He named third-party risk, supply chain security, IoT and OT (operational technology) environments, and cloud platforms as prime frontiers for development. "And with regulations such as GDPR coming in place, data security is an area where we will see a lot of zero trust being applied," he added.

Discussing SonicWall's evolving approach in the region, Pradhan outlined the company's platform-based solution. "The first thing we've got to do is understand the protect surface," he said. "We need to understand which is our users, which is our data, which is our endpoint, which is application. Once we are able to do that, what SonicWall does is we have something called a platform approach, which we call the SonicWall Boundary Cyber Platform, which helps provide zero trust security."

This platform, he explained, is designed for a world where some users are office-based and others remote. "What we are able to do - we are able to, number one, look at the device: how do we protect the device? Our next generation endpoint solution can protect the endpoint."

He detailed how secure access can be enabled for both cloud and on-premises resources using SonicWall's technology, which also incorporates device security checks and multi-factor authentication. "From an on-prem or data centre perspective, we have application firewalls which help protect the network from any inside or outside threats," Pradhan said. SonicWall's solutions also assess where threats originate and deploy virtual firewalls to secure cloud environments, alongside micro-segmentation and dedicated application security tools. "To sum it up, we have the management platform to not only enforce policy but also provide monitoring and logging of all activity that's happening in our environment," he said.

As the interview drew to a close, Pradhan reaffirmed his confidence in the centrality of zero trust going forward. "The fundamental principles of zero trust will still be there... assuming that the breach will happen. Zero trust will still remain," he said.
