Trust is important, but different rules apply in the cloud than in the traditional network. In a guest article, Sebastian Ganschow, Director Cybersecurity Solutions at NTT Ltd., describes how companies should secure their IT landscape using zero-trust principles.
Trust is good, but often dangerous. Access to corporate networks has traditionally been based on trust: companies quite freely distribute permissions and access to all employees. In the view of security experts, this method is far from secure anyway. But now that more and more organizations are moving their applications and workloads from internal data centers to the cloud, the attack surface for unauthorized access, for example by hackers, is growing. As part of network modernization, the time is ripe for a zero-trust security infrastructure, finds NTT Ltd., a leading IT infrastructure and services company, which advises the following steps for implementation:

– Get an overview: To implement a successful zero-trust strategy, organizations should first obtain a comprehensive overview of all cloud-based applications, security structures, user identities and authorized devices. This inventory reveals what access rights exist and is the basis for building a new security architecture in which implicit trust is replaced by granting minimal permissions.

– Build identity management: The zero-trust strategy stands or falls with the identity management system, where security teams manage all access permissions. In this central location, specialists define authorizations for users and devices, and the system then assigns them automatically. In line with the zero-trust philosophy, the rules for identification and authentication are very fine-grained to ensure the security of the IT landscape. In practice, this means that users are not given far-reaching rights, but only access to those applications they need for their work. Verification before each individual access prevents hackers who have infiltrated one of a user's devices from gaining access to all programs with that user's permissions.

– Ensure ease of use: Employees should not be expected to log in every time they use an app. If the zero-trust strategy complicates the users' working environment, they quickly become annoyed and find ways and means to circumvent the hurdles. A single sign-on approach is therefore essential for acceptance of the new security architecture. After a system login, employees must be granted access to all applications for which they are authorized.

– Integrate all enterprise applications: Many enterprises have a multi-cloud approach; that is, they use cloud services from different providers for different business needs. The IT environment becomes even more cluttered due to the large number of applications in different clouds. A zero-trust strategy means that security officers manage access rights centrally and assign roles so that users' authorizations apply simultaneously in all clouds and annoying multiple logins are eliminated. This aspect also significantly simplifies the work of IT teams, as they no longer have to manage permissions for multiple clouds separately. Incidentally, once the new security architecture for the cloud is in place, technical legacy applications and all other network components can also be integrated into the structure and the single sign-on approach using Zero Trust Network Access (ZTNA).

– Continuous monitoring: Another important aspect of the zero-trust model is continuous monitoring of access. Monitoring checks whether authorizations are used appropriately and uncovers anomalies in the communication between client and application. If an access appears suspicious, security experts can take countermeasures and, for example, terminate the connection or isolate an end device.

"The zero-trust principle is not a panacea, but should be understood as a framework and principle to protect the IT landscape of companies in the best possible way," emphasizes Sebastian Ganschow, Director Cybersecurity Solutions at NTT Ltd. "Anyone who decides to adopt this philosophy should first check what options they already have with their existing technologies. An external service provider can then advise companies on how to create a zero-trust architecture on this basis."
Dr. Jakob Jung is Editor-in-Chief of Security Storage and Channel Germany. He has been working in IT journalism for more than 20 years. His career includes Computer Reseller News, Heise Resale, Informationweek, Techtarget (storage and data center) and ChannelBiz. He also freelances for numerous IT publications, including Computerwoche, Channelpartner, IT-Business, Storage-Insider and ZDnet. His main topics are channel, storage, security, data center, ERP and CRM.
Contact via mail: jakob.jung@security-storage-und-channel-germany.de