The security policy is updated dynamically as users, devices, data and external risks change.
Because cloud-native environments are dynamic, containerized and built from microservices, traditional boundary security protection policies cannot fully adapt to them.
The network security boundary in the traditional network architecture is usually implemented by hardware devices such as firewalls and gateways.
With the development of public cloud, private cloud and hybrid cloud technologies, cloud-native programs may be deployed anywhere, even across multiple cloud service providers and regions, and traditional security boundaries are disappearing.
In the cloud-native environment, the number and location of containers are constantly changing, and their running state can become abnormal because of external attacks, software defects and other causes, which adversely affects the security of the cloud-native environment.
To sum up, a more flexible, refined and scalable security model, zero trust, is needed in the cloud-native environment.
The essence of the zero-trust security model is identity-centered access control.
It shifts the security architecture from network-centric to identity-centric, establishes a more efficient, comprehensive and flexible security defense system, reduces the attack surface, lowers security risks, makes access control more fine-grained, and avoids information and data leakage.
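The shift from network-centric to identity-centric decisions, shown as an added example that is not part of the original article: the same four requests are evaluated by a boundary check and by an identity-centered check. The CIDR range, service names, resource name and risk threshold are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed sample data: the CIDR, names and threshold are assumptions for illustration.
TRUSTED_NET = ipaddress.ip_network("10.0.0.0/24")  # the "inside" of a traditional boundary
# Identity-centric policy: (caller identity, resource) -> maximum tolerated risk score
POLICY = {("svc/orders", "db/payments"): 0.5}

@dataclass(frozen=True)
class Request:
    source_ip: str            # changes whenever the container is rescheduled
    identity: Optional[str]   # authenticated workload identity, None if unauthenticated
    resource: str
    risk: float               # 0.0 (clean) .. 1.0 (abnormal), fed by continuous monitoring

def network_centric(req: Request) -> bool:
    """Boundary model: anything arriving from the trusted network is allowed."""
    return ipaddress.ip_address(req.source_ip) in TRUSTED_NET

def identity_centric(req: Request) -> bool:
    """Zero-trust model: authenticate, authorize per resource, re-check risk each request."""
    if req.identity is None:
        return False                    # no authenticated identity, no access
    max_risk = POLICY.get((req.identity, req.resource))
    if max_risk is None:
        return False                    # default deny: no explicit grant exists
    return req.risk <= max_risk         # the grant is withdrawn when risk rises

def evaluate(req: Request) -> dict:
    return {"network": network_centric(req), "identity": identity_centric(req)}

SCENARIOS = {
    "original node": Request("10.0.0.7", "svc/orders", "db/payments", 0.1),
    "rescheduled to another cloud": Request("172.31.4.9", "svc/orders", "db/payments", 0.1),
    "unauthenticated, inside boundary": Request("10.0.0.8", None, "db/payments", 0.1),
    "flagged abnormal by monitoring": Request("10.0.0.7", "svc/orders", "db/payments", 0.9),
}

if __name__ == "__main__":
    for name, req in SCENARIOS.items():
        print(f"{name}: {evaluate(req)}")
```

The two models disagree in three of the four scenarios: the boundary check rejects the legitimate service once its address changes, and admits both the unauthenticated caller and the workload that monitoring has flagged.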
Asset inventory can discover unknown or unauthorized assets in time, determine which assets should be authorized or prohibited from accessing, and improve the security and controllability of cloud-native environments.
Cloud-native applications usually need to process sensitive data, and encryption and decryption technologies are required during data storage, transmission and processing to ensure data security.
Cloud-native environments rely on other open-source components and frameworks that are, to varying degrees, exposed to vulnerabilities and security risks.
Continuous security monitoring and auditing can ensure the legality of users' and services' access to sensitive data and applications, monitor potential threats in real time, and reduce the risk of unauthorized access.
Automatic credential rotation can reduce human errors and omissions, and reduce the security risks caused by credential leakage and theft.
Security risks are increasing day by day, and dynamically updatable security protection policies are required to cope with endless security threats.
Regular security awareness training for employees on risks and preventive measures can effectively improve the overall security level of the enterprise.
Because the security boundary is dynamic and not fixed, traditional security policies cannot effectively solve many security problems in a cloud-native environment.
The core principle of the zero-trust security model is authentication and authorization.
The identity-centered zero-trust security model can solve, more dynamically, finely and effectively, some problems that traditional security policies cannot solve.
The zero-trust security model cannot completely replace traditional security policies.
The post "The Imperative for Zero Trust in a Cloud-Native Environment" appeared first on NSFOCUS, Inc., a global network and cyber security leader that protects enterprises and carriers from advanced cyber attacks.
This Cyber News was published on securityboulevard.com. Publication date: Thu, 07 Dec 2023 08:13:05 +0000