Much like the disease currently ravaging the world, malware and cybercrime are difficult to stop. With millions of people now working from home, the attack surface has mushroomed, with exploits originating from inside and outside the enterprise.
But these threats can be detected and contained, and their impacts greatly mitigated, using clever new approaches to security. One such method pairs a zero-trust security model with hyperconverged infrastructure (HCI). These tools combine to deliver strong safeguards across today’s complex IT environments in a way that’s simple to deploy and manage.
Trust No One
Cyberattacks have skyrocketed in both frequency and scale since the global pandemic began. Ransomware attacks are up 800%, according to MonsterCloud. The detection of sustained hacker attempts to steal scientific information and the Twitter account breaches of high-profile Americans like Bill Gates and Barack Obama exemplify other threats. A new study from Malwarebytes has revealed massive gaps in cybersecurity since the work-from-home uptick.
The famously paranoid Joseph Stalin was supposed to have said “I trust no one, not even myself,” and the first part of that sentiment is increasingly being adopted by leading IT platform vendors, cybersecurity providers, and enterprises. Perhaps a bit of paranoia is a good thing when it comes to cybersecurity.
“The zero-trust model of cybersecurity treats everything as equals; there is no longer a trusted user, application, or location,” said Mike Wronski, Director of Product Marketing at Nutanix. “Everything is secured with the assumption that it could be compromised and needs to be contained.”
To achieve that, zero-trust prescribes policies that stringently restrict communications and access. Only essential communications among applications are allowed, and users are limited to accessing the IT resources they specifically need to perform their jobs. This segmentation helps prevent an attack from spreading after a compromise.
Zero-trust is implemented through granular network and user policy controls, along with the ability to monitor and update those controls automatically. According to Wronski, this may sound simple and straightforward, but many organizations struggle with implementation because they can’t see across their complex IT environments to create effective policies. HCI, however, helps provide that visibility.
Hyperconverge for Visibility and Control
HCI is a software-defined IT architecture based on virtualized compute, storage, and network infrastructure typically running on commercial off-the-shelf (COTS) servers. Management can be federated across the entire infrastructure.
HCI increases visibility into the security posture of IT environments by simplifying hardware and software stacks. With fewer operational silos, the application of zero-trust security concepts becomes much simpler, said Wronski. Remote teams can continuously monitor the security health of the organization with holistic and highly granular visibility.
Authentication and role-based access controls are easier to introduce into the simpler HCI stack. Zero Trust benefits from the user context provided by authentication to map users to their applications and networks, explained Wronski.
Prevention isn't going to work all the time, though. When breaches do occur, Wronski said, the damage can be contained by applying zero-trust concepts through microsegmentation at the network level.
Microsegmentation policies create discrete, secure zones in data centers and cloud deployments that allow companies to isolate workloads from one another and secure them individually. HCI provides the necessary infrastructure-wide visualization that enables the automation and orchestration of microsegmentation as new apps are deployed or scaled.
“Zero Trust is all about policy and segmentation,” said Wronski. “Consider microsegmentation the next level of prevention when patching was missed or there is a compromise. This approach limits an attacker’s ability to look for other targets or spread across servers or applications.”
IT managers expect systems to be compromised, said Wronski, and micro-segmentation is the best method to limit the exposure.
“Don't assume that everything you do will be effective at preventing and detecting breaches,” Wronski warned. “Deploy security information and event management tools [SIEM] to look for anomalies that could be attacks.”
Where to Start
With so many employees working from home during the pandemic, a good place for many organizations to begin implementing zero-trust policies is securing virtual desktop environments and VPN connections. Implementing zero trust in more complex legacy applications could be tackled later.
“Zero Trust is a journey, not a standalone fix,” said Wronski. “It should involve everyone: the team managing remote desktops, the applications management team, tech support, and every user. They all have a role to play.”
He reiterated that Zero Trust is prevention by segmentation. Micro-segmentation is the way to implement the Zero Trust approach at the network level. Micro-segmentation, built on top of a hardened HCI platform and combined with strong backup and recovery plans, further limits the impact on data and other IT resources. This can accelerate the recovery from an attack.