Zero trust is a historically loaded term — misunderstood and misused. Many vendors claim that zero trust is all about identity and access management. While that is certainly a building block, that definition is increasingly narrow as organizations moving to the cloud find themselves navigating greater challenges beyond defending the "perimeter."
Development teams transforming from classic to cloud-native app development almost always outpace security. How would zero trust help? For starters, organizations need a strategic cybersecurity approach that fits their cloud transformation.
Development and DevOps teams have modernized their applications with cloud-native development workflows and modern architectures, including virtual machines, containers, and serverless functions. Meanwhile, cybersecurity teams struggle to apply new tools and technologies every time a new security risk is highlighted. This is where zero trust can help — it is an opportunity to modernize and rebuild security for the cloud-native era.
The zero-trust enterprise is a strategy that removes all implicit trust from all digital interactions. In the context of cloud-native environments, companies must continuously verify the integrity of all cloud identities, workloads, access, and data transactions. Cloud workload protection requirements are uniquely positioned at the intersection of DevOps, cloud-native architectures, and zero-trust architectures. As organizations continue their cloud workload adoption, they look for a modern cybersecurity strategy, and a zero-trust architecture is an opportunity to build security the right way.
The State of Cloud Workloads & Security
Today's enterprises continue to move to the cloud and take advantage of emerging cloud-native architectures. The "2022 State of Cloud Native Security Report" found that organizations expect to host 68% of their workloads in the cloud within two years.
New and expanding cloud workload adoptions come with new challenges and risks. A Cloud Native Computing Foundation (CNCF) survey revealed that containers in production are the norm today, with complexity and security representing two of the top three challenges shared by respondents. With the proliferation of cloud-native architectures, security, infrastructure, and DevOps teams need a centralized solution to provide visibility and protection across the continuum of cloud-native architectures to address vulnerabilities, manage compliance, and enable runtime protection.
Replacing legacy security is a big deal and sometimes requires — if not triggered by your cloud and remote workforce programs — a harsh wake-up call to make it happen. With a vulnerability like Log4Shell, security teams would quickly want to identify vulnerable applications while also protecting their applications from threats and attacks. Ransomware attacks, for example, are increasing and becoming more costly to targeted organizations. According to Unit 42 threat research, the average ransom paid by organizations in the US, Canada, and Europe increased from US$115,123 in 2019 to $312,493 in 2020 — a 171% year-over-year increase. The cloud represents a new opportunity for your zero-trust program, which shouldn't be overlooked.
Cloud-native architectures bring clear benefits of improved scalability, availability, and shorter deployment time. The shift to a zero-trust model is driven by runtime protection to enforce application control, prevent attacks, and capture forensic data. DevOps teams require comprehensive policy creation and enforcement, including the flexibility to alert on or block the execution of code when a policy is violated, by continuously monitoring and responding to indicators of compromise.
Protecting Workloads With Zero Trust
Application-related security risks are on the rise. With security becoming a top priority, there is a stronger push to integrate security into the early stages of the application lifecycle. Today's DevOps teams are using continuous integration and continuous delivery (CI/CD) workflows to drive application development. Security teams require tools and automation to secure cloud infrastructure and applications early in development.
Systematic risks increase in DevOps environments in both vertical and horizontal directions. Vertically, there are many more risks to be considered compared to more traditional environments. Horizontally, the impact of a single poisoned package can be massive, as seen in cases such as SolarWinds.
Zero trust is a strategic approach to cybersecurity that secures an organization by eliminating implicit trust and continuously validating every stage of a digital interaction. Don't waste your opportunity to build zero trust at the beginning of your DevOps and cloud journey.
About the Author
Ivan Melia leads product marketing for Cloud Workload Protection at Palo Alto Networks. Passionate about business, marketing and technology, he focuses on product launches, pre-sales and product adoption. Previously he held product management and business development roles at Cisco.