Page 36 - Informatics

Technology Update


[Figure: Key Steps to Zero Trust Model. Panels: Verify Users, Validate Devices, Limit Privileged Access]

ment. Get more visibility into what's on your network so you can secure it with a zero-trust approach.

•  Workforce security: control who gets access
Assume zero trust until you can verify the trustworthiness of your users' identities and the security of their devices. Protect against phishing and other identity-based attacks.

•  Workload security: protect the entire application stack
Secure access for APIs, micro-services, or containers accessing a database within an application, no matter where it's located--in the cloud, data centres, or other virtualised environments. Segment access and identify malicious behaviour to contain breaches and protect against lateral movement.

•  Device security: control user and IoT devices
Get visibility into, better secure, and control every device accessing your applications and network at all times. That includes Internet of Things (IoT), network-enabled devices, and (managed and unmanaged) user devices like APIs, cameras, HVAC systems, printers, medical equipment, and more.

•  Visibility and analytics: gain insight to enforce security
Improve or increase visibility and analytics for your users and admins by gaining insight to unknown or unidentified assets on your network, across workloads or applications. Integrate with other data sources to use information intelligently to create and enforce policies that strengthen your overall security posture.

•  Automation and orchestration: respond to threats quickly
The ability to integrate and automate security across your entire IT environment - for applications, networks, and workloads - is key for the success of your zero-trust strategy. By automating policy enforcement consistently across your environment, you can prevent a breach and also automate your threat response to more quickly contain a breach.

Implementation of Zero Trust in Government ICT Environments

The government can benefit greatly from implementing zero trust architecture because of the following reasons:
•  Criticality of the data
•  Variety and volume of data
•  Importance of availability of services
•  Diversity of environments
•  Shortage of skilled resources

Typical environment in a government setup includes data centers housing data & services and office networks housing users & devices. Zero trust has to be planned for both the environments separately with necessary tools, policies and procedures in place. The steps to zero trust can be:
•  Identify resources – data, assets, applications and services
•  Authenticate and authorize users – user access policies should be based on identity
•  Contextualize request – grant access to resources from users not only based on identity but other environment parameters like device used, network hooked on to, date and time of request, past history and pattern of access, etc.
•  Adaptive policy – define access policies based on context to grant/deny access
•  Grant least privileges – grant access to the resources explicitly requested by the user rather than to resources by virtue of user identity or network
•  Monitoring and audit – monitor all access requests and patterns to establish what is normal and identify anomalies against that baseline.

Zero trust can be achieved using most of the existing tools and technologies already deployed in the environment with augmentation of a few new ones. It has more to do with design change rather than technology change. The technologies which can be used for achieving zero trust in a data center can include (not limited to) disk encryption, database encryption, database access management, privilege identity/access management using multi-factor authentication, network micro-segmentation, next-gen firewall, network intrusion prevention, host intrusion prevention, virtual private network, log monitoring and analysis. The tools for office network can include user identity management with multi-factor authentication, network access control, endpoint protection solution, network micro-segmentation and next-gen firewall with anti-advanced persistent threat.

"Zero Trust Architecture defines a framework for structural cyber security of modern enterprises. It combines some of the already well known and established security guidelines and highlights them as the basic of tenets of the framework."
R S MANI
Deputy Director General, NIC

Advantages of Implementation of Zero Trust

Various advantages of implementation of zero trust can be:
•  Decreases risk by discovering assets and improving visibility into them
•  Protect data
•  Reduce time to breach detection and gain visibility into enterprise traffic
•  Reduce the complexity of the security architecture
•  Deliver both security and an improved end-user experience

Summary

Zero trust is not a technology but rather an infrastructure design principle built on security. It takes care of the modern threats faced by enterprises at the hands of well-resourced and persistent adversaries. It begins with the concept of isolation of resources and access based on requests after proper verification. Adoption of zero trust requires modification of policies and tweaking user behaviour to achieve the desired goals. It does not require a complete replacement of existing tools and technologies. New infrastructure being created can be designed on zero trust from the beginning. Existing infrastructure can be migrated gradually. Zero trust is not a choice any more, it is the way future infrastructure has to be designed to survive the cyber threats.

For further information, please contact:
R S Mani
Deputy Director General & HoG
National Informatics Centre, A-Block, CGO Complex
Lodhi Road, New Delhi - 110003
Email: rsm@nic.in, Phone: 011-24305397
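The steps to zero trust listed in this article (identify resources, authenticate and authorize, contextualize request, adaptive policy, least privileges, monitoring and audit) can be sketched as a single access decision function. This is an added example, not code from the article or from NIC; the resource names, policy fields and the "step-up" outcome for a first-time access pattern are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime

# Constructed sample policy (hypothetical names): one entry per identified resource.
POLICY = {
    "payroll-db": {"roles": {"finance"}, "networks": {"office-lan"},
                   "hours": range(9, 18), "managed_device": True},
    "intranet-wiki": {"roles": {"finance", "staff"}, "networks": {"office-lan", "vpn"},
                      "hours": range(0, 24), "managed_device": False},
}
AUDIT_LOG = []  # monitoring and audit: every decision is recorded, allow or not

@dataclass
class Request:
    user: str
    roles: set
    mfa_passed: bool
    device_managed: bool
    network: str
    when: datetime
    resource: str  # least privilege: one explicitly requested resource per decision

def decide(req: Request, history: dict) -> str:
    """Return 'allow', 'step-up' or 'deny'; history maps user -> resources used before."""
    rule = POLICY.get(req.resource)
    reasons = []
    if rule is None:
        reasons.append("unknown resource")  # not in the resource inventory
    else:
        if not req.mfa_passed:
            reasons.append("mfa not passed")
        if not (req.roles & rule["roles"]):
            reasons.append("role not authorized")
        if rule["managed_device"] and not req.device_managed:
            reasons.append("unmanaged device")
        if req.network not in rule["networks"]:
            reasons.append("network not permitted")
        if req.when.hour not in rule["hours"]:
            reasons.append("outside permitted hours")
    if reasons:
        decision = "deny"
    elif req.resource not in history.get(req.user, set()):
        decision = "step-up"  # assumed adaptive outcome: re-verify on a new access pattern
        reasons.append("no prior access to this resource")
    else:
        decision = "allow"
    AUDIT_LOG.append((req.when.isoformat(), req.user, req.resource, decision, reasons))
    return decision
```

A valid identity alone never yields "allow" here: the same user with the same roles is denied from an unlisted network, and the audit log keeps the reasons for later anomaly review.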


         36  informatics.nic.in  April 2020