Think of the visibility that security teams require from fans entering a major sports arena. Attendees must pass through a security detector, and large purses, handbags or backpacks are not permitted. Usually, only fully transparent bags are allowed in. These transparent bags give security teams greater visibility into what fans are bringing into the arena, and that visibility is necessary when a small team of security personnel is responsible for ensuring the safety of tens of thousands of fans. It may seem like a small detail to the average event goer, but it is a major guideline for security teams to leverage.
Similarly, IT security and networking leaders who are responsible for safeguarding campus networks require greater visibility, too. At all times, they must know the identities of all connected devices and the types of workloads and traffic that are traversing the network. They need to know who is accessing what and if access privileges are being respected or abused. Ideally, what campus network teams need is a way to authenticate every client that requests a connection and to continuously compare its configuration and status to a defined set of acceptable security states to ensure it will not introduce vulnerabilities or participate in an attack. As a bonus, the solution could be provided by a single vendor so the tools could operate as a united front.
Here is the good news: Such a solution is already available within the HPE Aruba Networking Edge Services Platform (ESP) security solutions portfolio. Let’s explore.
According to a survey conducted by the Ponemon Institute that involved a cross section of more than 2,000 IT professionals, 45% of respondents believe Zero Trust is a theoretical framework that cannot be implemented. Additionally, only 27% of respondents are confident or very confident in their ability to know all users and devices connected to their networks at all times. These two findings correlate with one another because Zero Trust is completely unobtainable if you don’t know the identity of all devices on your network. Without identity, there is no trust.
And we aren’t just talking about BYOD laptops, tablets, and phones. This applies to cameras, sensors, medical equipment and other undetected IoT devices. Zero Trust means having the visibility to know the identity of every device requesting a connection. Not most devices – all devices.
There have been 802.1X solutions on the market for some time now. These solutions allow only authorized devices to connect to the network. However, their implementation process is labor intensive and time consuming. That’s not the case with ClearPass Device Insight. This cloud application performs a wide range of Zero Trust architecture techniques as it discovers and profiles all devices connected to the network in an automated fashion.
This solution allows network administrators to discover, monitor, and automatically classify new and existing devices that connect to a network, thus eliminating the costly guesswork of what a device is in a DHCP address list. ClearPass gives you granular visibility into the attributes of every device including its type, vendor, hardware version, and behavior. This collective information helps your team create granular access policies to control these devices and reduce risk exposure introduced to the network. Once a device’s identity is confirmed, it is then authenticated every time it connects to the network.
Visibility, identity, and authentication are only part of the Zero Trust security equation. Here are some additional elements to factor in:
Similar to ClearPass, the HPE Aruba Networking ESP solution suite provides components that achieve all these capabilities in a single packaged solution. The ESP solution suite includes:
Zero Trust security is not a theoretical framework or exercise. It is an achievable state that every campus network should strive for, and one it can reach thanks to HPE Aruba Networking and its potent lineup of Zero Trust security solutions. Talk to a WEI Zero Trust security specialist to learn more.
Next Steps: Just about every business we talk with has long-term remote workforce initiatives, and security has become a larger focal point of each conversation because devices are no longer protected by the traditional enterprise perimeter. Don't leave security to chance with your remote workforce. See how HPE Aruba Networking is solving the challenge with Remote Access Points, and find out just how easy their RAPs are to implement and manage in our tech brief below.