Security Operations in the Age of Zero Trust
How must security operations transform to effectively deliver the comprehensive and integrated value of zero trust implementations? Security operations for Zero Trust must take a comprehensive approach, and deliver insights, competencies and skillsets, cost impact of transformed operating environment, KRIs/KPIs, management, and automation, across all solutions in place. Security operations must also focus on proper communication with the business owners, the management, and the C-level, who need to understand the state of cybersecurity and whether their investments are delivering improvements in security.
Commissioned by Persistent
1 Executive Summary
Zero Trust security has become an established concept, if not the guiding principle for modern security architectures. It defines an approach of multi-layered security, where, depending on the risk status, security is implemented and verified at multiple places. The focus is on avoiding blind trust in isolated and/or standalone security technologies and solutions, such as firewalls, VPNs (Virtual Private Networks), or others, given that attackers may bypass such a security perimeter. Unless there is a multi-layered approach for security in place and regular verification taking place, there is a risk of lateral movement by attackers after bypassing a security perimeter.
Zero Trust is a paradigm for implementing security. However, to make Zero Trust a success, it requires a well-thought architecture, it requires the right tools, process maturity and people competencies to be in place, and it requires effective integrations for efficient security operations. The latter aspect, SecOps, is frequently treated as an afterthought. However, to make a Zero Trust program or "journey" a success, it requires successful implementation and operations, as well as proper communication with the business and the management.
Modern SecOps, therefore, is not just the technical operation of security solutions, but a broader approach that focuses on organization, governance, processes, people skills, reporting, and more. It is about defined SLAs (Service Level Agreements) , SOPs (Standard Operating Procedures), Threat Intel and Automated response SOAR, analytics, and it is about efficient interaction between the internal teams and MSSPs (Managed Security Service Providers), with clearly defined accountabilities and responsibilities.
The SecOps organization takes a unified perspective across the various areas of IT security, which are still commonly segregated into siloes, such as IAM, network security, application security, data security, GRC etc...or – closely related to security – network infrastructure or client management. Only with such an integrated approach, can a complex Zero Trust program covering all of IT be successful.
SecOps must think creatively to bring other security domain operations under the same umbrella, either delivered out of an integrated SOC or by a managed services construct. This means, e.g., integrating user access management and monitoring, PAM (Privileged Access Management) operations, IGA (Identity Governance and Administration) operations, database access monitoring, DDoS (Distributed Denial of Service) protection, and even integrate NOC (Network Operations Center) function into the SOC. Such SOC then must provide broader network access control monitoring with integrated context feeds from threat intelligence services. It must support the incident response function of an organization. The overall objective of modern SecOps is to combat fast remediation of an intrusion, minimizing damages, and adding resilience to the business.
Thus, organizations must define their Zero Trust strategy. They must build a Zero Trust architecture, which is best done with a use-case driven and bottom-up approach. They must set up their SecOps, focusing on more than just running technology. They must identify their priorities in implementing Zero Trust security, and they must execute on this, step-by-step.
For demonstrating success, it is essential to measure the state of security. Metrics must be defined and measured, ahead of starting projects, to show how the state of security changes (improves) by investing in Zero Trust. Doing SecOps right, helps in getting this done because metrics and reporting are a core element of modern SecOps.
Full article is available for registered users with free trial access or paid subscription.
Register and read on!
Sign up for the Professional or Specialist Subscription Packages to access the entire body of the KuppingerCole research library consisting of 700+ articles.