Zero trust in a hybrid architecture

Hybrid IT Europe
Hybrid IT Europe Hybrid IT Europe
Zero Trust in Hybrid Architectures Patrick Sullivan Director: Security Strategy Akamai Technologies
Agenda • Drivers of change in a Hybrid environment • Zero Trust Overview • How to incorporate Zero Trust into your transition to Cloud
©2017 AKAMAI | FASTER FORWARDTM Golden Era of Network Perimeter App #2 App #1 App #3 ● Users & apps inside ● Inside = Trusted ● Walls work ● Threats remain outside
©2017 AKAMAI | FASTER FORWARDTM Applications Are Moving Outside App #2 App #1 App #3 ● IaaS & SaaS ● Hybrid ● Inconsistent visibility, security & control ● Confusing end-user experience
©2017 AKAMAI | FASTER FORWARDTM Users Have Moved Outside App #2 App #1 App #3 ● Mobile ● Digital ecosystem ● Global distribution ● Remote workers
©2017 AKAMAI | FASTER FORWARDTM Threats Are Moving Inside App #1 App #2 App #3 ● Security architecture vulnerabilities leveraged in complex attacks ● Malware, phishing & data exfiltration ● Credential theft ● Single factor authentication ● Lateral network movement
©2017 AKAMAI | FASTER FORWARDTM Zero trust Users & apps anywhere Verify & never trust Application access App #1 App #2 App #3 There is no inside... Current Trends Require Zero Trust App #2 App #1 App #3 Inside = trusted Users & apps inside Trust at Network Layer Full network access
©2017 AKAMAI | FASTER FORWARDTM “The data economy renders today's network, perimeter-based security useless. As businesses monetize information and insights across a complex business ecosystem, the idea of a corporate perimeter becomes quaint - even dangerous.” Excerpt from Forrester’s Future-Proof your Digital Business with Zero Trust Security
©2017 AKAMAI | FASTER FORWARDTM What’s Zero Trust? Security model evangelized by Forrester Research Key principles: ● The network is always assumed to be hostile. ● External and internal threats exist on the network at all times. ● Network locality is not sufficient for deciding trust in a network. ● Every device, user, and network flow is authenticated and authorized. ● Policies must be dynamic and calculated from as many sources of data as possible. John Kindervag
©2017 AKAMAI | FASTER FORWARDTM Rob Joyce: Chief NSA TAO USENIX Enigma 2016:”Disrupting Nation State Hackers”
©2017 AKAMAI | FASTER FORWARDTM
©2017 AKAMAI | FASTER FORWARDTM Cloud, IoT, BYoD, Partner relationships all expand trust boundaries “What are you doing to shore up the trust boundary of the things you really must defend?” “Most networks….Big castle walls…Hard outer shell….Soft gooey center”
©2017 AKAMAI | FASTER FORWARDTM Case Study: Google BeyondCorp
©2017 AKAMAI | FASTER FORWARDTM
©2017 AKAMAI | FASTER FORWARDTM Akamai Architecture Laptop Micro Perimeter Apps Enterprise App Access
©2017 AKAMAI | FASTER FORWARDTM Browser Based Access & No Public IP
©2017 AKAMAI | FASTER FORWARDTM Hybrid Zero Trust Architecture Data Center App #3 Cloud App SaaS App App #1 App #2 Branch Roaming Global Proxy Platform > Performance Overlay > WAF, AntiBot Enterprise Connector > Secure dial-out > Deployed as VM or container Global Proxy Platform > Connection establishment > Single sign-on > Multi-factor authentication
Better Security and Better Performance Before = 10.5 sec. After = 5.5 sec.
©2017 AKAMAI | FASTER FORWARDTM Divorce Trust from Network Topology as you adopt Hybrid IT
©2017 AKAMAI | FASTER FORWARDTM Authenticate everything, Encrypt everything Users, devices and apps - data in transit and at rest
©2017 AKAMAI | FASTER FORWARDTM Centralize policy definition, but distribute policy enforcement
©2017 AKAMAI | FASTER FORWARDTM Treat trust as dynamic and situational
©2017 AKAMAI | FASTER FORWARDTM Always verify with full visibility and logging
©2017 AKAMAI | FASTER FORWARDTM Summary • Zero Trust Security Architectures Reduce Risk and Complexity for a Hybrid Architecture • New Zero Trust Services are evolving very quickly • Consider Cloud Migration as an opportunity to migrate to a Zero Trust Architecture
1 sur 24

Zero trust in a hybrid architecture

Télécharger pour lire hors ligne
Technologie

Why is there zero trust in a hybrid architecture you may ask? Akamai Technologies' Patrick Sullivan discusses just that and more in his presentation.

Hybrid IT Europe
Hybrid IT Europe Hybrid IT Europe

Recommandé

Zero Trust Framework for Network Security​Zero Trust Framework for Network Security​
Zero Trust Framework for Network Security​AlgoSec
2.5K vues27 diapositives
Zero Trust ModelZero Trust Model
Zero Trust ModelYash
917 vues16 diapositives
Zero TrustZero Trust
Zero TrustBoaz Shunami
723 vues11 diapositives
Microsoft Zero TrustMicrosoft Zero Trust
Microsoft Zero TrustDavid J Rosenthal
1.7K vues45 diapositives
What is zero trust model (ztm)What is zero trust model (ztm)
What is zero trust model (ztm)Ahmed Banafa
759 vues16 diapositives
Succeeding with Secure Access Service Edge (SASE)Succeeding with Secure Access Service Edge (SASE)
Succeeding with Secure Access Service Edge (SASE)Cloudflare
2.7K vues38 diapositives

Contenu connexe

Tendances

What is Zero TrustWhat is Zero Trust
What is Zero TrustOkta-Inc
1.7K vues12 diapositives
Zero trust deck 2020Zero trust deck 2020
Zero trust deck 2020Guido Marchetti
323 vues44 diapositives

Tendances(20)

Zero Trust Model PresentationZero Trust Model Presentation
Zero Trust Model Presentation
Gowdhaman Jothilingam12.2K vues
Adopting A Zero-Trust Model. Google Did It, Can You?Adopting A Zero-Trust Model. Google Did It, Can You?
Adopting A Zero-Trust Model. Google Did It, Can You?
Zscaler1.5K vues
The Zero Trust Model of Information Security The Zero Trust Model of Information Security
The Zero Trust Model of Information Security
Tripwire5.5K vues
What is Zero TrustWhat is Zero Trust
What is Zero Trust
Okta-Inc1.7K vues
CASB: Securing your cloud applicationsCASB: Securing your cloud applications
CASB: Securing your cloud applications
Forcepoint LLC1K vues
Zero trust deck 2020Zero trust deck 2020
Zero trust deck 2020
Guido Marchetti323 vues
[Round table] zeroing in on zero trust architecture[Round table] zeroing in on zero trust architecture
[Round table] zeroing in on zero trust architecture
Denise Bailey331 vues
Zero Trust Network Access Zero Trust Network Access
Zero Trust Network Access
Er. Ajay Sirsat1.7K vues
Why Zero Trust Architecture Will Become the New Normal in 2021Why Zero Trust Architecture Will Become the New Normal in 2021
Why Zero Trust Architecture Will Become the New Normal in 2021
Cloudflare533 vues
5 Steps to a Zero Trust Network - From Theory to Practice5 Steps to a Zero Trust Network - From Theory to Practice
5 Steps to a Zero Trust Network - From Theory to Practice
AlgoSec13K vues
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORKZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
Maganathin Veeraragaloo593 vues
What is zero trust model of information security?What is zero trust model of information security?
What is zero trust model of information security?
Ahmed Banafa2.5K vues
Zero trust Architecture Zero trust Architecture
Zero trust Architecture
AddWeb Solution Pvt. Ltd.720 vues
Azure Security OverviewAzure Security Overview
Azure Security Overview
Allen Brokken1.6K vues
Cloud Access Security Brokers - CASB Cloud Access Security Brokers - CASB
Cloud Access Security Brokers - CASB
Samrat Das2.8K vues
Cybersecurity roadmap : Global healthcare security architectureCybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architecture
Priyanka Aash8.5K vues
Enterprise Security Architecture DesignEnterprise Security Architecture Design
Enterprise Security Architecture Design
Priyanka Aash6.6K vues
The Next Generation of Security Operations Centre (SOC)The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)
PECB 4.7K vues
Cybersecurity Insiders Webinar - Zero Trust: Best Practices for Securing the...Cybersecurity Insiders Webinar - Zero Trust: Best Practices for Securing the...
Cybersecurity Insiders Webinar - Zero Trust: Best Practices for Securing the...
Ivanti259 vues
Microsoft Defender and Azure SentinelMicrosoft Defender and Azure Sentinel
Microsoft Defender and Azure Sentinel
David J Rosenthal2.8K vues

Similaire à Zero trust in a hybrid architecture

Similaire à Zero trust in a hybrid architecture(20)

Trust No One - Zero Trust on the Akamai PlatformTrust No One - Zero Trust on the Akamai Platform
Trust No One - Zero Trust on the Akamai Platform
Elisabeth Bitsch-Christensen495 vues
3 Reasons It's Time for a New Remote Access Model3 Reasons It's Time for a New Remote Access Model
3 Reasons It's Time for a New Remote Access Model
Akamai Technologies1.3K vues
Proteja sus datos en cualquier servicio Cloud y Web de forma unificadaProteja sus datos en cualquier servicio Cloud y Web de forma unificada
Proteja sus datos en cualquier servicio Cloud y Web de forma unificada
Cristian Garcia G.313 vues
Csa Summit 2017 - Un viaje seguro hacia la nubeCsa Summit 2017 - Un viaje seguro hacia la nube
Csa Summit 2017 - Un viaje seguro hacia la nube
CSA Argentina951 vues
How to Counter Cybersecurity Attacks - Trust No OneHow to Counter Cybersecurity Attacks - Trust No One
How to Counter Cybersecurity Attacks - Trust No One
Elisabeth Bitsch-Christensen119 vues
TL;DR Web Performance WorkshopTL;DR Web Performance Workshop
TL;DR Web Performance Workshop
Gareth Hughes1.5K vues
Migration to microsoft_azure_with_zscalerMigration to microsoft_azure_with_zscaler
Migration to microsoft_azure_with_zscaler
Zscaler1.1K vues
Zero-Trust SASE DevSecOpsZero-Trust SASE DevSecOps
Zero-Trust SASE DevSecOps
Araf Karsh Hamid546 vues
Zero Trust NetworksZero Trust Networks
Zero Trust Networks
Practical Code, LLC158 vues
Six Steps to Secure Access for Privileged Insiders & VendorsSix Steps to Secure Access for Privileged Insiders & Vendors
Six Steps to Secure Access for Privileged Insiders & Vendors
Bomgar360 vues
Akamai Intelligent Edge SecurityAkamai Intelligent Edge Security
Akamai Intelligent Edge Security
Akamai Technologies1.8K vues
Visibility and Automation for Enhanced SecurityVisibility and Automation for Enhanced Security
Visibility and Automation for Enhanced Security
patmisasi1.7K vues
CheckPoint SoftwareCheckPoint Software
CheckPoint Software
Janis Gloystein253 vues
Big data - Intelligence Driven Security, Roy KatmorBig data - Intelligence Driven Security, Roy Katmor
Big data - Intelligence Driven Security, Roy Katmor
MIT Forum of Israel1.1K vues
Securing Beyond the Cloud GenerationSecuring Beyond the Cloud Generation
Securing Beyond the Cloud Generation
Forcepoint LLC322 vues
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...
Symantec394 vues
Webinar remote access_no_vpn_pitfalls_111517Webinar remote access_no_vpn_pitfalls_111517
Webinar remote access_no_vpn_pitfalls_111517
Zscaler215 vues
Faster, simpler, more secure remote access to apps in awsFaster, simpler, more secure remote access to apps in aws
Faster, simpler, more secure remote access to apps in aws
Zscaler850 vues
TEUNO Summit - PresentacionesTEUNO Summit - Presentaciones
TEUNO Summit - Presentaciones
TEUNO301 vues
How sdp delivers_zero_trustHow sdp delivers_zero_trust
How sdp delivers_zero_trust
Zscaler767 vues

Dernier

Dernier(20)

The Research Portal of Catalonia: Growing more (information) & more (services)The Research Portal of Catalonia: Growing more (information) & more (services)
The Research Portal of Catalonia: Growing more (information) & more (services)
CSUC - Consorci de Serveis Universitaris de Catalunya51 vues
Webinar : Competing for tomorrow’s leaders – How MENA insurers can win the wa...Webinar : Competing for tomorrow’s leaders – How MENA insurers can win the wa...
Webinar : Competing for tomorrow’s leaders – How MENA insurers can win the wa...
The Digital Insurer24 vues
AI: mind, matter, meaning, metaphors, being, becoming, life valuesAI: mind, matter, meaning, metaphors, being, becoming, life values
AI: mind, matter, meaning, metaphors, being, becoming, life values
Twain Liu 刘秋艳28 vues
Photowave Presentation Slides - 11.8.23.pptxPhotowave Presentation Slides - 11.8.23.pptx
Photowave Presentation Slides - 11.8.23.pptx
CXL Forum118 vues
Java 21 and Beyond- A Roadmap of Innovations .pdfJava 21 and Beyond- A Roadmap of Innovations .pdf
Java 21 and Beyond- A Roadmap of Innovations .pdf
Ana-Maria Mihalceanu51 vues
Combining Orchestration and Choreography for a Clean ArchitectureCombining Orchestration and Choreography for a Clean Architecture
Combining Orchestration and Choreography for a Clean Architecture
ThomasHeinrichs164 vues
Web Dev - 1 PPT.pdfWeb Dev - 1 PPT.pdf
Web Dev - 1 PPT.pdf
gdsczhcet48 vues
Transcript: The Details of Description Techniques tips and tangents on altern...Transcript: The Details of Description Techniques tips and tangents on altern...
Transcript: The Details of Description Techniques tips and tangents on altern...
BookNet Canada99 vues
Astera Labs: Intelligent Connectivity for Cloud and AI InfrastructureAstera Labs: Intelligent Connectivity for Cloud and AI Infrastructure
Astera Labs: Intelligent Connectivity for Cloud and AI Infrastructure
CXL Forum118 vues
The details of description: Techniques, tips, and tangents on alternative tex...The details of description: Techniques, tips, and tangents on alternative tex...
The details of description: Techniques, tips, and tangents on alternative tex...
BookNet Canada97 vues
MemVerge: Gismo (Global IO-free Shared Memory Objects)MemVerge: Gismo (Global IO-free Shared Memory Objects)
MemVerge: Gismo (Global IO-free Shared Memory Objects)
CXL Forum108 vues
MemVerge: Memory Viewer SoftwareMemVerge: Memory Viewer Software
MemVerge: Memory Viewer Software
CXL Forum115 vues
AMD: 4th Generation EPYC CXL DemoAMD: 4th Generation EPYC CXL Demo
AMD: 4th Generation EPYC CXL Demo
CXL Forum117 vues
METHOD AND SYSTEM FOR PREDICTING OPTIMAL LOAD FOR WHICH THE YIELD IS MAXIMUM ...METHOD AND SYSTEM FOR PREDICTING OPTIMAL LOAD FOR WHICH THE YIELD IS MAXIMUM ...
METHOD AND SYSTEM FOR PREDICTING OPTIMAL LOAD FOR WHICH THE YIELD IS MAXIMUM ...
Prity Khastgir IPR Strategic India Patent Attorney Amplify Innovation23 vues
CXL at OCPCXL at OCP
CXL at OCP
CXL Forum183 vues
Microchip: CXL Use Cases and Enabling EcosystemMicrochip: CXL Use Cases and Enabling Ecosystem
Microchip: CXL Use Cases and Enabling Ecosystem
CXL Forum107 vues
Level-up Your Cloud Visibility Into AWS With ThousandEyesLevel-up Your Cloud Visibility Into AWS With ThousandEyes
Level-up Your Cloud Visibility Into AWS With ThousandEyes
ThousandEyes74 vues
Green Leaf Consulting: Capabilities DeckGreen Leaf Consulting: Capabilities Deck
Green Leaf Consulting: Capabilities Deck
GreenLeafConsulting170 vues
Java Platform Approach 1.0 - Picnic MeetupJava Platform Approach 1.0 - Picnic Meetup
Java Platform Approach 1.0 - Picnic Meetup
Rick Ossendrijver23 vues
Business Analyst Series 2023 - Week 2 Session 3Business Analyst Series 2023 - Week 2 Session 3
Business Analyst Series 2023 - Week 2 Session 3
DianaGray10307 vues

Zero trust in a hybrid architecture

  • 1. Zero Trust in Hybrid Architectures Patrick Sullivan Director: Security Strategy Akamai Technologies
  • 2. Agenda • Drivers of change in a Hybrid environment • Zero Trust Overview • How to incorporate Zero Trust into your transition to Cloud
  • 3. ©2017 AKAMAI | FASTER FORWARDTM Golden Era of Network Perimeter App #2 App #1 App #3 ● Users & apps inside ● Inside = Trusted ● Walls work ● Threats remain outside
  • 4. ©2017 AKAMAI | FASTER FORWARDTM Applications Are Moving Outside App #2 App #1 App #3 ● IaaS & SaaS ● Hybrid ● Inconsistent visibility, security & control ● Confusing end-user experience
  • 5. ©2017 AKAMAI | FASTER FORWARDTM Users Have Moved Outside App #2 App #1 App #3 ● Mobile ● Digital ecosystem ● Global distribution ● Remote workers
  • 6. ©2017 AKAMAI | FASTER FORWARDTM Threats Are Moving Inside App #1 App #2 App #3 ● Security architecture vulnerabilities leveraged in complex attacks ● Malware, phishing & data exfiltration ● Credential theft ● Single factor authentication ● Lateral network movement
  • 7. ©2017 AKAMAI | FASTER FORWARDTM Zero trust Users & apps anywhere Verify & never trust Application access App #1 App #2 App #3 There is no inside... Current Trends Require Zero Trust App #2 App #1 App #3 Inside = trusted Users & apps inside Trust at Network Layer Full network access
  • 8. ©2017 AKAMAI | FASTER FORWARDTM “The data economy renders today's network, perimeter-based security useless. As businesses monetize information and insights across a complex business ecosystem, the idea of a corporate perimeter becomes quaint - even dangerous.” Excerpt from Forrester’s Future-Proof your Digital Business with Zero Trust Security
  • 9. ©2017 AKAMAI | FASTER FORWARDTM What’s Zero Trust? Security model evangelized by Forrester Research Key principles: ● The network is always assumed to be hostile. ● External and internal threats exist on the network at all times. ● Network locality is not sufficient for deciding trust in a network. ● Every device, user, and network flow is authenticated and authorized. ● Policies must be dynamic and calculated from as many sources of data as possible. John Kindervag
  • 10. ©2017 AKAMAI | FASTER FORWARDTM Rob Joyce: Chief NSA TAO USENIX Enigma 2016:”Disrupting Nation State Hackers”
  • 11. ©2017 AKAMAI | FASTER FORWARDTM
  • 12. ©2017 AKAMAI | FASTER FORWARDTM Cloud, IoT, BYoD, Partner relationships all expand trust boundaries “What are you doing to shore up the trust boundary of the things you really must defend?” “Most networks….Big castle walls…Hard outer shell….Soft gooey center”
  • 13. ©2017 AKAMAI | FASTER FORWARDTM Case Study: Google BeyondCorp
  • 14. ©2017 AKAMAI | FASTER FORWARDTM
  • 15. ©2017 AKAMAI | FASTER FORWARDTM Akamai Architecture Laptop Micro Perimeter Apps Enterprise App Access
  • 16. ©2017 AKAMAI | FASTER FORWARDTM Browser Based Access & No Public IP
  • 17. ©2017 AKAMAI | FASTER FORWARDTM Hybrid Zero Trust Architecture Data Center App #3 Cloud App SaaS App App #1 App #2 Branch Roaming Global Proxy Platform > Performance Overlay > WAF, AntiBot Enterprise Connector > Secure dial-out > Deployed as VM or container Global Proxy Platform > Connection establishment > Single sign-on > Multi-factor authentication
  • 18. Better Security and Better Performance Before = 10.5 sec. After = 5.5 sec.
  • 19. ©2017 AKAMAI | FASTER FORWARDTM Divorce Trust from Network Topology as you adopt Hybrid IT
  • 20. ©2017 AKAMAI | FASTER FORWARDTM Authenticate everything, Encrypt everything Users, devices and apps - data in transit and at rest
  • 21. ©2017 AKAMAI | FASTER FORWARDTM Centralize policy definition, but distribute policy enforcement
  • 22. ©2017 AKAMAI | FASTER FORWARDTM Treat trust as dynamic and situational
  • 23. ©2017 AKAMAI | FASTER FORWARDTM Always verify with full visibility and logging
  • 24. ©2017 AKAMAI | FASTER FORWARDTM Summary • Zero Trust Security Architectures Reduce Risk and Complexity for a Hybrid Architecture • New Zero Trust Services are evolving very quickly • Consider Cloud Migration as an opportunity to migrate to a Zero Trust Architecture