1 Introduction
The proverbial digital transformation, fueled by the trends such as mobility, the proliferation of SaaS applications, and cloud infrastructure continues to increase the number of connected devices and services, greatly increasing the attack surface and thus exposing businesses to many new cybersecurity risks. A traditional corporate perimeter has all but disappeared, and more and more people, applications, and sensitive data are moving outside of the “trusted network”.
It is therefore unsurprising that Zero Trust is rapidly gaining popularity as a modern alternative to the traditional perimeter-based security, which can no longer protect against external and internal cyber threats. An infrastructure designed around this model treats every user, application, or data source as untrusted and enforces strict security, access control, and comprehensive auditing to ensure visibility and accountability of all user activities.
Unfortunately, in the last few years, the notion of “Zero Trust” has become a popular buzzword notorious for numerous conflicting interpretations among experts, software vendors, and customers regarding what exactly it’s supposed to mean, with some companies pushing the idea that their solutions can instantly transform a legacy network into a “next-generation perimeter”. At KuppingerCole, we continue to stress that Zero Trust is, first of all, a transformational process that requires organizations to radically rethink not just their network and security architectures, but to adapt their entire business processes for the new approach.
This includes compartmentalizing your formerly flat corporate network using microsegmentation to reduce lateral movement and contain data breaches; implementing a fine-grained least privilege access model for applications and data sources; enforcing strong and adaptive user authentication governed by dynamic policies; and, last but not least, designing a multilayered cyberthreat defense that works anywhere, not just behind the corporate firewall. Going Zero Trust effectively means completely dismantling the very notion of the intranet to ensure a consistent experience across all devices and locations without making your IT infrastructure too complex and costly.
Cisco Systems, Inc. is a multinational technology company headquartered in San Jose, California, USA. Founded in 1984 by the pioneers of the multi-protocol network router concept, the company has quickly grown into the world’s largest manufacturer of networking hardware and telecommunications equipment. With over 75,000 employees in 90 countries and a large global partner network, Cisco maintains a truly worldwide presence and leading positions in many regional markets in both their core areas of network hardware, as well as in many other technologies like VoIP services, wireless networking, cloud technologies, and information security.
The company’s portfolio offers not only a number of network management and security solutions designed specifically around the principles of the Zero Trust paradigm but a broad range of more traditional security and access management products. Together, they can provide a solid foundation for consistent step-by-step implementation of Zero Trust in any corporate network. Cisco Zero Trust provides a comprehensive approach to securing all access across applications and environments, from any user, device, and location. This approach provides the security solutions needed to protect the workforce, workloads, and workplace.