skip to main content
Close Icon We use cookies to improve your website experience.  To learn about our use of cookies and how you can manage your cookie settings, please see our Cookie Policy.  By continuing to use the website, you consent to our use of cookies.
Global Search Configuration

Ovum view

Summary

At this year’s RSA Conference held recently in San Francisco, Zero Trust security was seemingly everywhere on the exhibition floor. This is the approach whereby a company’s infrastructure is completely locked down, with access granted to individual assets on a one-by-one basis, and even then, only with continuous monitoring.

PAM, SDP, and microsegmentation all use Zero Trust

Zero Trust arose a decade ago, when in response to an ever morphing, ever more muscular threat landscape, granting “access all areas” rights was increasingly not an option in enterprise security. It has now gone mainstream, with three main flavors, applicable to different use cases.

First, for privileged users such as sysadmins and C-level execs, there is privileged access management (PAM) technology, which has gone from providing secure vaults in which to store passwords to a “least privilege” approach, where users must log in separately for each application they work on.

Second, for remote access, a replacement touted for virtual private networks (VPNs) is software-defined perimeter (SDP) technology, which blanks out all assets that users are not authorized to access and lets them get to ones they are allowed to see, but again on a one-by-one basis only. Google takes this a step further with its BeyondCorp initiative, extending the approach to all employees.

Third, for protecting cloud workloads, there is the approach of microsegmentation, a granular partitioning approach whereby traffic to and from a workload is isolated according to security policies. Companies can therefore gain control over the east-west traffic that evades traditional architectures based on firewalls, which are designed only to inspect north-south traffic and can miss traffic between applications and workloads that might be generated by security exploits.

Appendix

Author

Rik Turner, Principal Analyst, Infrastructure Solutions

rik.turner@ovum.com

Recommended Articles

;

Have any questions? Speak to a Specialist

Europe, Middle East & Africa team: +44 7771 980316


Asia-Pacific team: +61 (0)3 960 16700

US team: +1 212-652-5335

Email us at ClientServices@ovum.com

You can also contact your named/allocated Client Services Executive using their direct dial.
PR enquiries - Email us at pr@ovum.com

Contact marketing - 
marketingdepartment@ovum.com

Already an Ovum client? Login to the Knowledge Center now