Intelligent CISO Issue 37 | Page 76

compromise, NAC processes need to be completed in seconds and provide consistent operations across both wired and wireless networks. Any NAC solution should also be easy to deploy from a central location, so it won’t require sensors at every device location.
Although it’s important to enforce access control for all devices, IoT devices are particularly challenging because they are typically low-power, small form factor devices without memory or CPU to support security processes, and they also often aren’t compatible with endpoint security tools. As access control can’t be performed in the devices, the network itself needs to provide security.
As they consider ZTA solutions, CISOs need to make IoT control a priority. Access control through the network involves micro-segmenting the network with next-generation firewalls (NGFWs) and grouping similar IoT devices together to harden the network. This approach breaks up the lateral (east-west) path through the network, so it’s more difficult for hackers and worms to gain access to connected devices. It also reduces the risk that a hacker can use an infected device as a vector to attack the rest of the network.
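The effect of grouping devices into segments can be measured as the set of devices that one infected device could reach, hop by hop. The sketch below is an added example, not from the original article; the device names, segments, allow-list and the default-deny policy model are all constructed assumptions.

```python
from collections import deque

# Constructed inventory: device -> segment (similar IoT devices grouped together).
SEGMENT_OF = {
    "camera-1": "iot-cameras", "camera-2": "iot-cameras",
    "hvac-1": "iot-hvac",
    "nvr": "video-servers",
    "hr-db": "corp-servers",
    "laptop-7": "corp-users",
}

# Constructed inter-segment policy (assumed default deny): only these
# (source segment, destination segment) pairs pass the firewall.
ALLOWED = {
    ("iot-cameras", "video-servers"),  # cameras stream to the recorder
    ("corp-users", "corp-servers"),
    ("corp-users", "video-servers"),
}

def can_talk(src, dst, segmented, intra_segment=False):
    """Return True if src may open a connection to dst."""
    if src == dst:
        return False
    if not segmented:
        return True  # flat network: every device reaches every other device
    s, d = SEGMENT_OF[src], SEGMENT_OF[dst]
    if s == d:
        # Whether traffic inside one segment is filtered depends on the
        # deployment; here it is a parameter, denied by default.
        return intra_segment
    return (s, d) in ALLOWED

def blast_radius(start, segmented, intra_segment=False):
    """Worst case: every device reachable from one infected device (BFS)."""
    seen, queue = {start}, deque([start])
    while queue:
        cur = queue.popleft()
        for dev in SEGMENT_OF:
            if dev not in seen and can_talk(cur, dev, segmented, intra_segment):
                seen.add(dev)
                queue.append(dev)
    return seen - {start}

if __name__ == "__main__":
    for seg in (False, True):
        print("segmented" if seg else "flat", sorted(blast_radius("camera-1", seg)))
```

Running the same calculation for each device class gives a simple before/after measure of how much east-west exposure a proposed segmentation plan removes.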
3. What happens to managed devices when they leave the network
Since people use BYOD devices both for personal and business needs, the third key to an effective ZTA strategy is understanding what happens when devices leave the network. When they aren’t logged into the network, users may browse the Internet, interact with others on social media and receive personal emails. After being online, once they re-join the network, these users can inadvertently expose their devices and company resources to threats they may have picked up, such as viruses and malware.
Controlling managed devices when they go off the network is challenging. Thanks to cloud services, people can disconnect their device from the network at one location and reconnect it at another, or they might start working on one device and continue on another.
To contend with these challenges, endpoint security must be part of any ZTA solution. It should provide off-network hygiene control, including vulnerability scanning, web filtering and patching policies. It should also provide secure and flexible options for Virtual Private Network (VPN) connectivity.
Like identity management tools, endpoint security should support SSO. When an endpoint is connected to the network, the solution should relay device status information to other network and security components to determine risk and assign an appropriate access level.
Trust no one and leverage an effective Zero Trust access strategy
The more people and devices that connect to a network, the less secure a traditional perimeter-based approach becomes. Every time a device or user is automatically trusted, it places the organisation’s data, applications and intellectual property at risk. CISOs need to shift the fundamental paradigm of an open network built around inherent trust to a Zero Trust model with rigorous network access controls that span the distributed network.
By selecting integrated and automated tools, CISOs can help overcome the key challenges of Zero Trust access: knowing who and what is on the network; controlling their resource access; and mitigating the risks of that access.