The Zero Trust security, or “zero trust”, is gradually making its way among companies. But not as fast as some technology-related companies would like, mainly due to its nature. Zero Trust is a cybersecurity framework that automates an organization’s security architecture, preparing and orchestrating a response as soon as systems are attacked. At first it seems that it offers a good picture, but implementing it is not as simple as it seems.
Indeed, the implementation of a complete Zero Trust security solution, guided by the so-called Seven Pillars of Zero Trust, is quite complex. For a single company to achieve this is quite complicated. That is why there are companies that come together to offer Zero Trust security solutions and options to companies.
It is what Dell aims to do with creating an ecosystem of companies which has as its endaccelerate adoption of Zero Trust security. Currently, it is already made up of more than 30 technology and security companies, and its objective is to create a unified solution between infrastructure platforms, applications, services and cloud systems.
The companies that make up this ecosystem also have the collaboration of the Maryland Innovation Security Institute (MISI), with the aim of offering first-rate technology in the Zero Trust Center of Excellence. They will also develop an advanced private cloud solution focused on security integration and orchestration for their clients.
The members of the ecosystem hope that this approach will help companies and organizations to implement this security technology, and take advantage of the necessary experience that they offer to develop and configure the architecture. Among the companies that have joined Dell in the creation of this ecosystem are, among others, Gigamon, Intel, Juniper Networks, Nomad GCS, Nvidia, Palo Alto Networks, or VMware.
Its mission is focused on helping companies and organizations that want it to execute the Zero Trust requirements of the Department of Defense. These include continuous authentication, as well as compliance with connection regulations, device detection, and compliance. This means that they have to prepare their systems so that any device that tries to connect to a network, or access a resource, is detected, and its compliance status assessed.
In addition, these systems have to implement systems with continuous monitoring, and regular authorization. This means that automated tools and processes have to continuously monitor applications, and assess what authorization they have, in order to decide the most effective means of security control-
In terms of data encryption and rights management, with Zero Trust, data rights management tools encrypt information at rest and in transit, with the goal of reducing the risk of unauthorized data access. For its part, software-defined networking, which also uses Zero Trust, assigns control of packets to a centralized server, as well as offering additional network visibility and allowing for integration requirements.
On the other hand, policy orchestration seeks to collect and document all rule-based policies, with the aim of orchestrating the security stack for effective automation. And the integration of threat intelligence data with other security information and event management (SIEM) provides a consolidated view of threat activity.
