‘Zero trust’ cybersecurity approach is misunderstood: Stormshield

Trusting nothing and no one when it comes to network access is impractical if not completely impossible, endpoint security vendor Stormshield has suggested.

Sébastien Viou, blogging for Stormshield, says the zero-trust network approach commonly advocated has been widely misunderstood, if not misapplied.

“It’s based on a simple premise: to secure your IT system against cyber threats, you must doubt everything and trust nothing. But rather than abolishing trust, could the issue be more one of moving it elsewhere?” he writes.

Viou notes that systems architectures have changed, fragmenting the perimeter — especially with the rise of secure teleworking, bring-your-own-device (BYOD), and cloud computing. Mounting tough defences only at the network perimeter no longer makes as much sense.

Identifying and authenticating users can be done via virtual private networking (VPN), remote login tools and multifactor authentication solutions. But there’s still “a mixed bag of applications and uncontrolled equipment” to manage — which is partly why so many promote the zero-trust concept.

Stéphane Prévost, product marketing manager at Stormshield, describes zero-trust as impossible.

“When you’re providing access to sensitive assets, you need something tangible to hold on to,” Viou quotes him as saying.

“What really matters in the zero-trust approach is the user/machine combination. Even if a user has been authenticated, the device they’re using is still a potential vulnerability. For example, it may have been infected by a virus which will be able to access sensitive content and encrypt data. We therefore also need a way of trusting the machine.”

Viou says the question should be more about awarding the amount of trust that matches the sensitivity of the information, or that is needed to protect the environment, instead of verifying logins, identities and privileges every time the network is accessed, including within the corporate network.

“To achieve this, asset protection solutions must factor in issues of context-sensitive policies and dynamic adaptability. And as a result, ensure that security is tailored to the specific environment,” he says.

Access must be managed according to the nature of the workstation (business or personal), the software used, the update status of its security solutions, and whether the device is at home, in the office, on the move or elsewhere, Viou says.
