The networks of today are, for the most part, still the networks of the past. The foundation they were built on has changed very little in the last decade. They were hardware-centric when designed, and that carried over to the perimeter-based approach used to secure them. Routers were designed to facilitate “any-to-any” communication, while access control lists (ACLs) were put in place to specify access rights. Firewalls were deployed at network boundaries to stop all traffic, unless access was predetermined by a set of security rules.
With the perimeter being redefined every day and companies’ data and critical information being accessed on new endpoints regularly, it is now impossible to truly say for sure what is secure and what isn’t. Attack vectors change constantly, and reactivity doesn’t work when it comes to modern network security. Assuming that everything inside the network can be trusted allows threat actors and those misusing privileged credentials to move inside the network with ease, stealing data or planting malicious code as they go. An organization must proactively prevent threats from gaining access by treating all traffic as potentially dangerous.
That is the core belief behind a zero trust approach to network security - trust no traffic unless it has explicitly proved itself to be safe.
Smaller is Safer
Users want unbridled access to any network at any time. They want to mix personal and business network usage, bring their own devices and use devices in insecure areas. Application owners are opti