“Zero Trust needs to be applied to everything, every person, every device, every code that you write, or that you buy, and you need to put the right protections above it, behind it, in between it, to monitor behavior, to make sure that it's doing what it says it's supposed to do.”
Rackspace Technology Chief Technology Evangelist and podcast host Jeff DeVerter summed up the all-encompassing Zero Trust approach that organizations need to take. In the latest Cloud Talk podcast episode, Jeff is joined by Gary Alterson, Rackspace Technology Vice President of Security Services, and together they explore what Zero Trust security is.
The old ways are no longer enough to keep environments secure. Alterson describes how, for example, passwords are failing to provide protection. “Now due to the ability to phish, or even just go harvesting on the dark web, passwords have lost a lot of meaning as a modicum for identifying whether or not somebody is who they say they are and whether they are trustworthy.”
So, where do you begin with a Zero Trust approach? Alterson explains, “It's a framework or philosophical approach to how you build systems, applications and solutions. And the idea is that you validate the trustworthiness of the components, whether that's an individual or a piece of software.”
One of the ways to bolster security does indeed involve solutions. “There are solutions in the remote access, authentication and identity space that support a Zero Trust approach. The same thing is true in internal networking. And all these pieces come together for a solution that helps implement the Zero Trust framework,” says Alterson.
They also discuss additional ways to protect your organization, including:
- Incorporating an identity story to validate patterns of authentication
- Using microsegmentation to apply constraints between devices
- Validating and scanning code before placing it in workloads
- Training developers to write secure code
- Implementing DevSecOps to ensure code is built securely in the DevOps environment
The cloud hyperscalers all have tooling to support security, but that is not the same as a Zero Trust approach. Still, Alterson predicts, “Check back in a couple of quarters from now and there will be a solution. And there are third-party technology solutions and things you can build yourself as well.”