Do you trust your network? Performance may be in an optimal place, and workplace operations are thankful for that. But what about security? ‘Zero Trust’ is a practice every IT leader and decision maker should be educated on, because more and more organizations have realized that not all attacks originate on the far side of the firewall. Attacks can be launched from anywhere, including from within the network itself. Network administrators must always operate under the assumption that their network has already been breached. And sadly, for some reading this article, that may be the case.
Security Starts With Visibility
Think of the visibility that security teams require from fans entering a major sports arena. Attendees must pass through security screening, and large purses, handbags or backpacks are not permitted; usually, only fully transparent bags are allowed in. Transparent bags give security teams greater visibility into what fans are bringing into the arena, and that visibility is essential when a small team of security personnel is responsible for the safety of tens of thousands of fans. It may seem like a small detail to the average event goer, but it is a major control that security teams rely on.
Similarly, IT security and networking leaders who are responsible for safeguarding campus networks require greater visibility, too. At all times, they must know the identities of all connected devices and the types of workloads and traffic that are traversing the network. They need to know who is accessing what and if access privileges are being respected or abused. Ideally, what campus network teams need is a way to authenticate every client that requests a connection and to continuously compare its configuration and status to a defined set of acceptable security states to ensure it will not introduce vulnerabilities or participate in an attack. As a bonus, the solution could be provided by a single vendor so the tools could operate as a united front.
Here is the good news: Such a solution is already available within the Aruba Edge Services Platform (ESP) security solutions portfolio. Let’s explore.
Identity Is Critical
According to a survey conducted by the Ponemon Institute that involved a cross section of more than 2,000 IT professionals, 45% of respondents believe Zero Trust is a theoretical framework that cannot be implemented. Additionally, only 27% of respondents are confident or very confident in their ability to know all users and devices connected to their networks at all times. These two findings are related: Zero Trust is unattainable if you don’t know the identity of every device on your network. Without identity, there is no trust.
No Identity – no access.
And we aren’t just talking about BYOD laptops, tablets, and phones. This applies to cameras, sensors, medical equipment and the other IoT devices that routinely go undetected. Zero Trust means having the visibility to know the identity of every device requesting a connection. Not most devices – all devices.
Aruba ClearPass Device Insight
802.1X-based network access control has been on the market for some time. It authenticates a device (or user) before the switch or access point grants it network access, but rolling it out across a campus is labor intensive and time consuming, particularly for IoT devices that cannot run an 802.1X supplicant. Aruba ClearPass Device Insight addresses the inventory side of that problem: it is a cloud application that automatically discovers and profiles every device connected to the network, supplying the device identity that Zero Trust policy depends on.
This solution allows network administrators to discover, monitor, and automatically classify new and existing devices that connect to a network, eliminating the costly guesswork of working out what a device is from a DHCP address list. ClearPass gives you granular visibility into the attributes of every device, including its type, vendor, hardware version, and behavior. That information lets your team build granular, role-based access policies that control these devices and reduce the risk they introduce to the network. Once a device’s identity is established, that identity is checked each time the device connects, rather than trusted once and forgotten.
Additional Components Of Zero Trust Security
Visibility, identity, and authentication are only part of the Zero Trust security equation. Here are some additional elements to factor in:
- Role-based Access Control (RBAC): Helps enforce the principle of least privilege so users are only granted the minimum level of access required to perform their duties. RBAC also allows organizations to segment their network and applications based on roles.
- Conditional Monitoring: Continuously evaluates the trustworthiness of users and devices based on factors such as user behavior and device profile. It also uses advanced analytics and machine learning algorithms to identify anomalies and deviations from normal behavior patterns. Anything abnormal is deemed a potential risk and treated as such.
- Enforcement and Response: Ensures that a detected anomaly or possible threat is acted upon and, if necessary, remediated before it has the chance to disrupt network and business operations.
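To make the pipeline described above concrete (profiling a device from its network attributes as in the ClearPass discussion, mapping it to a least-privilege role, evaluating its traffic continuously, and quarantining it when it steps outside its role), here is a small policy engine written for this page. It is an added illustration, not ClearPass or Aruba code. The vendor OUIs, DHCP fingerprints, roles, subnets and flow records are constructed sample data; a real profiler draws on large, maintained fingerprint databases and many more signals than the two used here.

```python
"""Device profiling, role-based least-privilege policy, and behavioural
quarantine in one small engine. Added illustration for this page; it is not
ClearPass or Aruba code. All OUIs, fingerprints, roles, subnets and flow
records below are constructed sample data."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed lookup tables (assumed values, for illustration only).
OUI_VENDORS = {
    "00:1C:B3": "camera-vendor",
    "3C:22:FB": "laptop-vendor",
}
# DHCP option 55 (parameter request list) as sent by the client, used as a
# fingerprint of the device's network stack.
DHCP_FINGERPRINTS = {
    (1, 3, 6, 12, 15, 28, 42): "ip-camera",
    (1, 121, 3, 6, 15, 119, 252): "employee-laptop",
}
ROLE_BY_TYPE = {"ip-camera": "camera", "employee-laptop": "employee"}

# Least-privilege role policies as (destination network, port) allow rules.
# Anything not listed is denied; unknown devices land in quarantine.
ROLE_POLICY = {
    "camera": [("10.10.50.0/24", 554), ("10.10.50.0/24", 123)],  # NVR stream, NTP
    "employee": [("10.0.0.0/8", 443), ("10.0.0.0/8", 53)],
    "quarantine": [("10.10.99.10/32", 443)],                      # remediation portal only
}


@dataclass
class Device:
    mac: str
    dhcp_options: tuple
    vendor: str = "unknown"
    device_type: str = "unknown"
    role: str = "quarantine"   # no identity, no access


def profile(dev: Device) -> Device:
    """Classify a device from its MAC OUI and DHCP fingerprint and assign a role."""
    dev.vendor = OUI_VENDORS.get(dev.mac[:8].upper(), "unknown")
    dev.device_type = DHCP_FINGERPRINTS.get(dev.dhcp_options, "unknown")
    dev.role = ROLE_BY_TYPE.get(dev.device_type, "quarantine")
    return dev


def is_allowed(role: str, dst_ip: str, dst_port: int) -> bool:
    """Default-deny check of one flow against the role's allow rules."""
    dst = ip_address(dst_ip)
    return any(dst in ip_network(net) and port == dst_port
               for net, port in ROLE_POLICY.get(role, []))


def monitor(devices, flows, threshold=2):
    """Evaluate flows continuously. A device that violates its role policy
    `threshold` times is treated as compromised or misclassified and moved to
    quarantine, where only the remediation portal is reachable."""
    by_mac = {d.mac: d for d in devices}
    violations = {}
    events = []
    for mac, dst_ip, dst_port in flows:
        dev = by_mac[mac]
        if is_allowed(dev.role, dst_ip, dst_port):
            continue
        violations[mac] = violations.get(mac, 0) + 1
        events.append(f"deny {mac} ({dev.role}) -> {dst_ip}:{dst_port}")
        if violations[mac] >= threshold and dev.role != "quarantine":
            dev.role = "quarantine"   # enforcement and response
            events.append(f"quarantine {mac} after {violations[mac]} violations")
    return events


def run_demo():
    """Profile two constructed devices and replay constructed flow records."""
    camera = profile(Device("00:1c:b3:aa:bb:cc", (1, 3, 6, 12, 15, 28, 42)))
    laptop = profile(Device("3c:22:fb:11:22:33", (1, 121, 3, 6, 15, 119, 252)))
    flows = [
        ("00:1c:b3:aa:bb:cc", "10.10.50.5", 554),  # camera streams to NVR: allowed
        ("3c:22:fb:11:22:33", "10.1.2.3", 443),    # laptop to internal web app: allowed
        ("00:1c:b3:aa:bb:cc", "10.1.2.3", 445),    # camera probing SMB on a workstation
        ("00:1c:b3:aa:bb:cc", "10.1.2.4", 445),    # second probe: quarantined
        ("00:1c:b3:aa:bb:cc", "10.10.50.5", 554),  # even its normal traffic is now denied
    ]
    events = monitor([camera, laptop], flows)
    return camera, laptop, events


if __name__ == "__main__":
    cam, lap, evts = run_demo()
    print(cam.device_type, cam.role, "|", lap.device_type, lap.role)
    print("\n".join(evts))
```

The design points worth noting are the defaults: a device that cannot be profiled is placed in the quarantine role rather than given broad access, and every flow is checked against the current role, so a change of role takes effect on the next packet rather than at the next logon. The violation threshold is deliberately crude; the behavioural analytics the page describes would replace it with models of what normal traffic for that device type looks like.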
Similar to ClearPass, the Aruba ESP solution suite provides components that achieve all these capabilities in a single packaged solution. The Aruba ESP solution suite includes:
- Client Insights
- Dynamic Segmentation
- Policy Enforcement Firewall
- Central NetConductor
- Aruba 360 Security Exchange
Zero Trust security is not a theoretical framework or exercise. It is an achievable state that every campus network should strive for, and Aruba’s lineup of Zero Trust security solutions makes reaching it practical. Talk to a WEI Zero Trust security specialist to learn more.
Next Steps: Just about every business we talk with has long-term remote workforce initiatives, and security has become a larger focal point of each conversation because remote devices are no longer protected by the traditional enterprise perimeter. Don't leave security to chance with your remote workforce. See how Aruba is solving the challenge with Aruba Remote Access Points, and find out how easy Aruba RAPs are to implement and manage in our tech brief below.