Trust no one.
This is one of the few slogans of the X-Files, a popular science-fiction television show in the 1990s that dealt with paranormal phenomena.
The cult TV series, which spawned two movies, narrates the exploits of an unlikely pair of special agents of the US Federal Bureau of Investigation: Fox Mulder, who believes in aliens, and Dana Scully, who doesn’t.
After they manage to uncover several strange secrets — some of which involve shadowy figures working for the government — they both resolve to suspect everything and everyone to protect their mission and their lives.
The show and the slogan it helped popularize best explain Zero Trust, an emerging trend in cybersecurity that is here to stay, even after the pandemic is over.
To this day, millions continue to work from home to curb the virus spread. As a result, every single day and night, employees log on to their corporate networks using their personal devices via their home WiFi connections.
Once logged in, they can usually have the run of the network, practically being able to access anything they want to, and perhaps even stumbling upon connections and confidential corporate data. In short, as the specter of the coronavirus still looms large on the global horizon, every user remains a potential security risk.
They could deliberately disrupt the network or their access could be used by someone else — wittingly or otherwise — to wreak havoc on the system. But under Zero Trust, such scenarios would prove to be vastly more difficult. This is because each connection and each user is assumed to be potentially hostile, no matter where it is located.
To help transform the concept of Zero Trust into practice, a company called Kemp Technologies developed its own Zero Trust Network Access (ZTNA) as a free of charge component of the Enterprise Plus Support of their Application Delivery Controller/Load Balancer.
Under this framework, “…a request to access an application that comes from within the network perimeter is deemed to be no different from one that originates on the Internet,” says Kemp Technologies on its website.
“Both need the same level of scrutiny, and they need to provide the right authentication responses before access is allowed. The same is true for every access request to any IT system. No connection is assumed to be safe based on where it originates. It moves beyond the traditional model of securing the perimeter.”.
To enhance security, users and/or connections are granted access for each application separately. Indeed, under Kemp’s Zero Trust Network Access, there is no cross-application authorization. Application servers can still communicate with each other, only these communications need to make individual access requests and use authentications similarly to users and services.
These security functions do not just cover servers but personal devices as well. For example, access from devices attempting to connect from unusual locations are blocked.
In May, Kemp used its ZTNA framework and transformed it into a product. The company launched its Zero Trust Access Gateway (ZTAG) architecture to “…simplify the introduction of a zero-trust model for securing published workloads and services,” Kemp says in a press statement.
Its ZTAG solution includes a proxy, authentication, access logic, and automation capabilities designed to help customers apply the zero-trust logic to their load-balanced web applications.
“Zero trust is the future of application access and continues to gain traction for customers,” says Jason Dover, VP of Product Strategy for Kemp. “Kemp is leveraging the privileged position of the load balancer combined with our extensible automation framework to help customers simplify the introduction of a zero trust model into their application ecosystem.”
Mike Bomba, who worked for the US Department of Defense for more than 35 years, says the following on Zero Trust: “The real goal of this model is to eliminate trust in a system because trust within a network is a vulnerability that gets exploited and trying to get systems to be truly trusted entails integrating into a broken model,” he said in a blog entry entitled “Basic Zero Trust Principles For Application Security” for Kemp Technologies.