In a not-particularly heart warming turn of phrase, Frederich Nietzsche once opined that “morality is just a fiction used by the herd of inferior human beings to hold back the few superior men.”
People create their own morality to suit them at different points in time, he believes. The flexibility of this approach doesn’t suit the rigidity of our complex computer-powered world, and can cause immense digital destruction.
This is why nations must set out rigorous rules when it comes to the security of their digital infrastructure. Nietzsche’s philosophy demonstrates clearly why a “zero trust” architecture is the future of cyber security.
Just this year, Singapore has announced its plans for a superfast, cutting-edge 5G infrastructure. Network operators have committed to rolling out standalone 5G networks from January 2021, culminating in nationwide coverage by end-2025. Network operators were selected in part based on their capabilities to deliver key security requirements stipulated by IMDA.
At the heart of successful 5G adoption is government agencies’ commitment to a ‘Zero Trust Architecture’ at the outset. “These requirements are necessary in view of the increased security risks brought about by 5G networks that are virtualised with intelligence at the edge, and larger number of devices connected to them,” according to IMDA.
So what is a Zero Trust architecture?
Bassam Khan, Vice President of Product and Technical Marketing at Gigamon, puts it this way: “In the most basic terms, it means you have zero trust for any person, device or identity that’s accessing the network, until you take some steps to verify that the person, device and their associated identity belongs there. Once verified, it also means opening the least amount of access necessary to perform a task.”
7 steps in every Zero Trust journey
Khan details key steps for organisations to attain Zero Trust objectives.
The first step is to approach security with a clear view of what data is most critical for them to protect. This involves building “layered defences from the data outwards”, Khan says. This lets teams work with a smaller perimeter, allowing them to more realistically monitor the most important data and applications.
Second, organisations should know the weak links in their networks. These are often areas where they have “granted open access to employees, contractors, and third parties”, he adds. Security teams need to identify these vulnerabilities and streamline their efforts.
Next, organisations must delineate who has access to their networks. It is “critical to know what every stakeholder’s role is and what access each role requires at any point in time.” Organisations need to constantly remove and update permissions, a process which requires them to have a complete view of their network.
Fourth, agencies have to “verify everyone and everything trying to access [their] network”, says Khan. When security teams purchase new solutions, they have to consider whether products can complement the organisation’s Zero Trust efforts.
Fifth, they should build security one step at a time, prioritising critical data. After that, it’s a matter of constantly viewing their strategy through the Zero Trust lens, assessing how all tools work together to form a coherent defence. This data-driven approach means each security tool needs to be intelligent.
Next, organisations should adopt a concrete plan to visualise and analyse encrypted traffic. Ideally, they should consider a “centralised approach to decryption”, he says, which would reduce the load on network tools. This would help security teams analyse data quicker to discover threats lurking beneath the surface.
Finally, no cybersecurity prevention is 100% effective and organisations need to implement an effective security process centred around threat detection and response. This model has to be “data-centric”, so that security teams “have the information [they] need to quickly identify external threats”. Focusing solely on external threats isn’t enough — a robust security system has to look inwards as well.
From factories to ports, 5G will become a bedrock of Singapore’s infrastructure and economy. A commitment to secure this will keep us all safe in the long run. Zero trust enables trust, and empowers agencies to take charge of their infrastructure.
Contact Gigamon today to learn how we can help you take the first step in your Zero Trust journey. Or better yet, let us show you ways to get started: request a demo today.