Zero Trust
From Legacy to Cloud: How a Virtual Sandbox and Hybrid Approach Can Accelerate Zero Trust
Zero Trust improves mission outcomes by providing a long-term security posture to the enterprise, enabling capability advancements that were once unthinkable.
Zero Trust is not a fad. We expect it to become the new standard for cybersecurity in every federal agency. Why is it so popular now? Zero Trust protects against internal and external threats, whether malicious or merely careless. The term Zero Trust has been around for several years, but advances in applications and technology are leading to faster adoption of its principles, even in legacy infrastructure.
Traditional IT security is designed to protect the perimeter – much like a “castle” fortification. The networks are fortified with firewalls and advanced detection devices to make the perimeter difficult to penetrate. However, once inside, a malicious actor can move laterally – often quite easily – to access much of the enterprise. Anything outside the perimeter, such as remote workers, cloud-based services or edge devices, remains unprotected.
With Zero Trust, access control is not limited to the perimeter. Granular enforcement of access control is applied to all data, applications and other resources, so they remain protected during every interaction. The result is that even if the network is penetrated, damage is limited or non-existent.
Adopting Zero Trust is relatively straightforward for those in a pure cloud environment. This is because native-cloud infrastructure and apps are more likely to contain Zero Trust elements, such as micro-segmentation and containerization. But what if your IT environment includes on-premises legacy equipment? How can you apply Zero Trust?
Start with the Network
Networks are the foundation of the Zero Trust model. All the other elements – applications, services, databases, etc. – interact with the network. Since the network can control or deny access, it’s the key to beginning your Zero Trust journey.
The problem with restructuring large legacy networks is their complexity, usually due to sprawl. They likely include resources and connections added over years or decades, and were not designed with Zero Trust in mind.
Begin by assessing the network’s current status with regard to your current and expected mission requirements, and review any technical debt related to the network. If you conclude that the complexity of the network is overwhelming and will take years to resolve before you can move to Zero Trust, consider setting up a “virtual sandbox” to get the transition started.
Consider Using a Virtual Sandbox
Adopting a “virtual sandbox” allows you to pivot away from tackling the legacy network technical debt and Zero Trust modernization all at once. A cloud-based sandbox environment lets you quickly build and test new Zero Trust network infrastructure and model its interaction with applications. Use the sandbox to learn what configurations work best for your agency’s environment and how to customize them to meet specific mission needs. This allows you to freely test network security software applications and how they integrate with current and future systems. You’ll be able to develop and test a software-defined network that supports the rest of your requirements. Use it to experiment quickly – find and fill gaps prior to roll-out on the live production (mission) network.
Once you lay this groundwork, you can review core services and applications to see how they communicate with the network. When transitioning legacy apps to Zero Trust, make sure your services, like Federated Authentication and DNS, can handle both Zero Trust apps and non-Zero Trust apps. Be sure to test these apps in the sandbox so you’re not impacting existing workloads.
Need to Move Faster? Try a Zero Trust Proxy or Hybrid Model
Some older systems and out-of-date technologies won’t be able to move in their current state. In this case, adopting a Zero Trust proxy or other network-defined protection can give you a Zero Trust posture without the heavy lift of having to rewrite or rebuild legacy applications.
Often a hybrid model is the most expedient. You can design new enterprise services and applications using Zero Trust and redevelop legacy applications over time. Some applications cannot move to virtual or cloud environments, but the hybrid approach enables meaningful progress, so you can achieve your most important Zero Trust goals and quickly protect your critical assets.
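The proxy approach above can be sketched in code: an identity-aware proxy sits in front of an unmodified legacy application and makes a deny-by-default decision on every request, using the caller's federated identity claims, a device-posture signal and a per-resource policy. This is an added illustration, not code from the article or from Applied Insight; the `AccessRequest`, `POLICY`, `decide` and `proxy` names and the sample policy are hypothetical.

```python
"""Minimal Zero Trust proxy policy in front of a legacy application.

Added example (not from the original article). The legacy app is left
unchanged; the proxy authenticates the caller, checks device posture and
applies a per-resource rule before forwarding anything to it.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class AccessRequest:
    subject: Optional[str]    # identity from the federated IdP token (None = unauthenticated)
    groups: frozenset         # group claims carried in the token
    device_compliant: bool    # posture signal from device management
    resource: str             # path on the legacy app, e.g. "/hr/payroll"
    method: str               # HTTP method


# Constructed sample policy: which groups may use which method on which path.
# Anything not listed is denied. "*" means any authenticated user.
POLICY = {
    "/hr/payroll": {"GET": {"hr", "finance"}, "POST": {"finance"}},
    "/status": {"GET": {"*"}},
}


def decide(req: AccessRequest) -> tuple[bool, str]:
    """Policy decision point: evaluate one request, deny by default."""
    if req.subject is None:
        return False, "unauthenticated"
    if not req.device_compliant:
        return False, "device not compliant"
    rules = POLICY.get(req.resource)  # exact path match; no prefix fallback
    if rules is None or req.method not in rules:
        return False, "no rule for resource/method"
    allowed_groups = rules[req.method]
    if "*" in allowed_groups or allowed_groups & req.groups:
        return True, "allowed"
    return False, "group not permitted"


def legacy_backend(req: AccessRequest) -> tuple[int, str]:
    """Stand-in for the unmodified legacy application behind the proxy."""
    return 200, f"legacy handled {req.method} {req.resource}"


def proxy(req: AccessRequest, backend=legacy_backend) -> tuple[int, str]:
    """Policy enforcement point: only approved requests reach the legacy app."""
    allowed, reason = decide(req)
    if not allowed:
        # Denied before the legacy app is touched; the reason feeds detection logs.
        print(f"DENY subject={req.subject} {req.method} {req.resource}: {reason}")
        return 403, reason
    return backend(req)
```

Because every decision is made per request rather than at the network edge, a caller who is already "inside" gains nothing from their position; the proxy reads the same identity and posture signals for every call.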
Applied Insight’s Altitude cloud infrastructure platform allows you to quickly spin up a virtual sandbox. It delivers granular access control with built-in compliance and Zero Trust fundamentals already established for you.
To learn more about Zero Trust Solutions for legacy and cloud networks contact us at contact@applied-insight.com.
Gabriel Alix is Vice-President of Intelligence at Applied Insight and an active member of the Intelligence and National Security Alliance (INSA) Cyber Committee working group on Zero Trust.