EBook

The Road to
Zero Trust
Steps towards achieving
Zero Trust Security in
your organisation
The Road to Zero Trust

Introduction

Zero Trust is in the spotlight. And it will continue This Ebook takes you through what a
to be the case amidst a background where Zero Trust approach encompasses, and
cybersecurity discussions have taken centerstage how organisations can decide on the
in boardrooms. With organisations having to deal
right Zero Trust Solution. In this Ebook,
with highly distributed workforces, the resulting
security infrastructure has become highly you’ll know about:
complicated, and replete with vulnerabilities,
necessitating a relook at the same.
• How remote work has redefined the network
In an increasingly perimeterless world, where both
perimeter
workforces and workloads have moved outside
the confines of a well defined network perimeter, • The vulnerability of the VPN in the current
there needs to be an optimal tradeoff between
remote work scenario
security and accessibility. With the increase in
remote work and the concurrent migration of • The importance of continuous authentication
applications and servers to the cloud, security
and monitoring models
teams today are faced with the conundrum of
maintaining this balance without compromise. • Why a Zero Trust Model is being seen as the
go to solution
In this scenario, Zero Trust methodologies, with
their ‘Never Trust, Always Verify’ Approach, • What are the considerations to be kept in
backed by a continuous authentication and
mind while assessing Zero Trust Solutions
monitoring process, have the potential to create a
revolution in the security arena in the next • Steps towards crafting a Zero Trust Strategy
decade.

Instasafe.com
The Road to Zero Trust

An imminent revolution in
Cybersecurity
2020 will go down in history books as the year which
transformed the way we work, through what can be
termed as the ‘World’s largest Work from Home
Experiment’

Remote Work, though a somewhat known concept in developed countries,

was still limited in scope. In developing countries, working from home was
a one time in a month novelty that many didn’t bother to use. With the
onset of the pandemic, however, the way organisations worked saw a sea
change. Almost every affected country became a work from home
economy.

At the same time, organisations have realised the inefficacy of their

security setups in extending secure access of business critical resources
without compromising on security. Given the current situation, where
almost the entire workforce is highly distributed, and applications are
present beyond on-premise servers, the traditional conceptions of security,
based on securing assets within a defined perimeter, do not hold good
anymore. With companies’s entire workforce, and most, if not all of their
data and applications on the cloud, security setups that depend on
perimeter based security, and were designed with small remote workforces
in mind, need to be relooked at, given their inability to scale to the cloud
and cater to large remote workforces

Instasafe.com
The Road to Zero Trust

With teams operating out of different locations, coordination amongst Surveys by leading market research
them has become tedious. In this scenario, it is necessary for companies to
make it much easier for their workforces to access enterprise resources agencies have revealed some shocking stats
with ease, without them bothering about the security aspect. Given that with respect to work from home security:
multitudes of organisations are following BYOD policies, companies can’t
rely on their workforces to be always using secured networks to access • 44% of organisations have not trained their staff in
enterprise assets, or to not be using their devices to access personal Emails basic cyber security hygiene while working from
and other data which is suscpeptible to malware. home

• In April 2020 alone, Google blocked 18 million daily

The Advent of Work from Home malware and phishing emails related to coronavirus
The Work from Home Movement exodus has thrown the spotlight on the
inefficacy of BYOD policies in maintaining security. It is given that BYOD in • Remote work has increased the average cost of a data
itself is not a movement anymore, but a part of the new reality. And while breach by $137,000
BYOD policies are favoured by workers, 61% of whom believe that the tools
used by them in their personal life are more productive than work tools, it These factoids reinforce the increasing vulnerabilities of
is but apparent that BYOD policies serve to highly complicate the security security setups in modern working conditions, and the
setup of organisations. Security teams have to deal with remote workers worrisome bandwidth of existing technologies in repelling
while not having the visibility that they could get into enterprise owned network based attacks in present conditions.
devices.

In effect, the BYOD and WFH movement have made traditional, network
perimeter reliant security highly vulnerable and open to attacks

Instasafe.com
The Road to Zero Trust

VPNs: A Thing of the past

Traditionally, the first function of the Internet was to connect systems and However, one of the biggest issue with VPNs is
processes. Given a proper route and an IP address, a wide range of their inability to secure cloud workloads and
systems could be connected. Thus, a system of open trust was ensure secure access of enterprise resources to
established, with authentication being a secondary priority, handled remote workforces. VPNs had been built on the
higher in the stack. premise of network based security, which
As hackers started coming into the picture and abusing the system of meant that once inside the network, any user
open trust, zones of implicit trust were created inside the network using or asset was considered to be trusted by
VPNs. For remote workforces, VPNs extended the trust to remote default. This opened the scope for lateral
employees by extending the network. This was again intercepted and movement attacks within the network and
exploited by attackers, and so were the services that moved into insider attacks, which proliferated with the rise
Demilitarised Zones when external access was required. of remote workforces. Any potentially
compromised user or device could now access
With the advent of the cloud, the propensity of hackers to exploit the the entire network once they got in, thus
unprecedented implicit trust within traditional systems has become all putting critical resources at huge risk.
the more pronounced. With a growth in remote employees, users may be
located virtually anywhere in the world. The traditional model is In effect, what we are faced with is a ‘One of the biggest issue with
inadequate in facing up to these challenges. technology that was built to guard walls,
operating in a network that no longer has walls. VPNs is their inability to secure
Summarily, VPNs come with baggage. And lots of it. For one, they are And this is just the tip of the iceberg. cloud workloads and ensure
extremely laggy and not at all user friendly to work with, especially with secure access of enterprise
modern cloud applications. VPNs, until now have mostly been hardware
based, which means that a sudden scale up in the number of remote
resources to remote workforces’
users will drive up installation, maintenance and other overheads
exponentially.

Instasafe.com
The Road to Zero Trust

Moving Beyond Trust by Default: The

Zero Trust Approach
Zero Trust Network Access (ZTNA) is an evolved response to changing In essence, ZTNA cannot be divined to be just a single
enterprise security trends, which especially include those relating to network architecture, but is rather a set of guiding principles
remote users and cloud based assets, that are not present within in terms of both network design and network operation, that
enterprise owned network realms. Given that traditional perimeters dramatically revamps the security infrastructure of an
are dissolving in the light of new and unprecedented expansionary organisation, while at the same time, increasing visibility and
trends, ZTNA concepts shift the focus from protection of network the scope for analytics across the network.
segments, to the protection of resources. ZTNA approaches stress on While framing an all encompassing definition of zero trust
providing a consistent security strategy of users accessing data from architecture requires touching upon multiple aspects of
any location in any way. By adopting a “Always verify before you network architecture, a brief operative description of a zero
trust” stance, ZTNA flips the entire traditional trust calculation, trust architecture may be as follows:
asserting that all transactions, users, and data, whether on-premise
or remote, are not to be trusted from the outset. Zero Trust Architecture is designed to lay down an
Zero Trust Models draw upon the following ground assertions: aggregation of principles, concepts, and component
• Distinctions between “inside” and “outside” the network relationships, that serve the primary purpose of effectively
perimeters no longer stand true. Network locality can’t be a lone eradicating any uncertainties that may arise while enforcing
factor in determining trust. decisions relating to access to enterprise systems and
• Malicious threats exist on the network at all times, and may be applications.
internal or external in nature
• Every user, device, network, and data, is to be validated and In retrospect, the zero trust model would require an
authenticated before granting access adaptive deployment model that lays a special emphasis on
• Zero Trust Policies are to be dynamic in nature, taking into account Continuous Diagnostics and Mitigation. The primary aim of
multiple sources of data, and continuous monitoring of data is to the architecture is making access control as granular as
be done for garnering new insights regarding any new possible, and at the same time, completely eradicating any
vulnerabilities that may crop up form of unauthorised access.to enterprise resources.

Instasafe.com
The Road to Zero Trust

The Identity Centric Approach

Relying on a ‘Never trust, Always Verify’ mode seems This process of continuous authorisation based on identity
like a no-brainer during these trying times. And in is taking a step further. Modern Zero trust solutions like
implementing this Zero Trust approach, what InstaSafe are integrating behavioural biometrics in their
organisations must realise is that identity forms the solutions to analyse behaviour patterns and report
core of all Zero Trust principles. Zero Trust Security is anomalies and suspected breaches through such analysis.
based on the following foundational foundations:
• Secure access of all workloads by all workforces,
regardless of the location of both
• Granular Access Control, and Least privilege access
The core of an efficient Zero Trust security posture, as per
on a need to know basis
NIST, is resources – data, devices, networks, and workloads -
• Continuous monitoring and auditing of all network
and their identity. Identity, by itself, forms the spine of all
activities
three approaches to a Zero Trust architecture, including:
What is important to note here is that in a Zero Trust
• Identity-centric, wherein access policies are framed with
Model, every user must have their identity
identity as the control point,
thoroughly vetted for every individual access request
• Network-centric, where microsegmentation and creation
that they make, and are granted access only to
of micro perimeters using NGFWs or SDPs are done
authorised applications, based on the risk assessment
bearing in mind the identity of users, devices, and
of the user, device, and applications, for that specific
applications
request. This essentially means that without
• Cloud-based combination, which leverage cloud-based
discriminating on the basis of network locality or
access management and SASE/ Zero Trust Edge Solutions
externality, users are verified through a
comprehensive process, and their permissions for a
session may be terminated at any point of time based
on the risk and trust assessment posture.

Instasafe.com
The Road to Zero Trust

1. Audit Security Posture- Analyse whether your organisation has a relevant and pragmatic
Identity, Credentials, and Access Management strategy, which is in synchronisation with the
business needs of the organisation. Review whether or not all our resources are being
accessed securely

2. Inventory connected devices- Update your asset inventory, to log all managed as well as
To help organisations in getting unmanaged devices that have had access to your critical assets. Design a policy deigned to
started with a Zero Trust Strategy, urge all device users to update their devices in line with current security requirements
InstaSafe has come up with a 5
3. Classify, Identify, Catalogue- To garner a granular view of what occurs in the network, it is
step process for establishing a of paramount importance that enterprises classify, identify, and catalogue all traffic without
continuous authentication model distinction based on encryption or hopping. This step serves to stress on the “verify before
backed by microsegmentation: you trust” tenet that Zero Trust Network Access adheres to

4. Create Zero Trust Architecture and Policy- While it is conventional for a network design to
have creation of its architecture as the first step of its design, it must be understood that zero
trust is not a universal design, but highly customised, depending on the organisation adopting
it. Further, given that it is improbable for an organisation to undergo migration to a ZTNA
network in a single technology refresh cycle, it is absolutely necessary to perform the
aforementioned surveying steps in order to ensure a successful deployment. The entire Zero
Trust Policy may be designed using Ohno’s ‘Why?’ method

5. Continuous Monitoring, Continuous Improvement (Kaizen-ize) - Perform a deep dive

analysis of all incoming and outgoing traffic, to garner new insights for improvement.
Behavioural analytics help in early identification ad mititgation of threat vectors

Instasafe.com
 The Road to Zero Trust

The recipe for perfect Security: A continuous

assessment model

In 2010, Gartner came up with an extension of its adaptive • Security should always begin with, and be based
security framework that relied on a process of continual on Zero Trust
assessment of the risk and trust associated with an enterprise • Access should be contextual, based on multiple
entity. The CARTA approach, which is short for Continuous parameters, like the identity of the user, the
Adaptive Risk and Trust Assessment, required continuous device being used, the location of the user, the
visibility and automated access control, along with time of use, etc.
orchestration capabilities for security technologies. • Monitoring should be on an ongoing basis to
assess riskassociated with every separate access
Essentially, The CARTA approach: request; and access is adaptive and varies based
• Required continuous assessment and risk in order to secure on context
complete visibility over enterprise assets
• Includes both adaptive attack protection as well as access Essentially, a Zero Trust Model is not limited to the
protection point of initiation. To achieve true Zero trust,
security must rely on a process of continuous
While CARTA, by itself, has been around for quite some time, authentication, authorization, monitoring, and
the introduction and the rise of the Zero Trust approach has assessment. Security policies, thus, must be
brought it back into the spotlight. This is because while a Zero dynamic enough to contract from traditional
Trust approach is imperative in modern network settings, it is network perimeters and expand to software
only the starting point in an integrated and safe security journey defined perimeters.
for organisations. This means that limiting Zero trust to a one
time gateway where verification is required at the initiation of
every session, will result in fractured security. Zero Trust and
CARTA are irrevocably intertwined, in that each forms a key
pillar of the other:

Instasafe.com
 The Road to Zero Trust

Key Considerations while choosing a Zero Trust

Solution

What are the key considerations that every CIO/CISO should have
in mind while assessing Zero Trust Solutions for their
organisations?

Granular Control
Zero Trust doesn’t only encompass segmentation or continuous authentication and
assessment. It also indicates the ability to gain microscopic control over who accesses
what. Every permission needs to be accounted for, and that is only possible through
robust Zero Trust technologies.

Continuous Risk and Trust Assessment

A true Zero Trust approach involves the re-definition of network perimeters to include
individual users, their devices, and the applications they use, along with a continuous
dynamic assessment of the posture of these three entities. This helps in better visibility
over user and device behavior, and consequently, better identification of threat vectors

Cloud Native Security

Simply put, the cloud is the future. Be it while scaling up from smaller workforces to
larger ones, or moving to secure off-premise applications, cloud based security solutions
serve to be a cheaper, scalable, and secure alternative.

Instasafe.com
The Road to Zero Trust

Zero Trust for the Modern

Enterpise
InstaSafe has leveraged the conceptions of Zero Trust
Security and used the principle of a Software Defined
Perimeter to design its acclaimed solutions, which
enable secure access of applications anywhere, to
workforces anywhere

InstaSafe Zero Trust Application Access:

Seamless Zero Trust Access to Web, on premise, and cloud applications
through highly resilient application specific tunnels

InstaSafe Zero Trust Network Access:

Secure, segmented access to on premise resources and multicloud
environments with a single offering

InstaSafe Secure Access VPN Alternative:

Simplified Access to your workloads with our next gen intelligent VPN
replacement solutions that employ granular access control and all round
visibility

Instasafe.com
 The Road to Zero Trust

The shift of the perimeter- and of security- is

real

The shift of the network perimeter is an inevitable reality that With a defined approach based on two simple adages, ‘ Never
every organization must come to terms with. This inadvertent Trust, Always Verify’, and ‘Access on a Need to Know Basis’, a Zero
shift, driven by remote work and the adoption of the cloud, calls Trust Model serves to bring about equality and equity within a
for better approaches to security . Given the inefficacy of network infrastructure, assigning access only on the basis of the
traditional security, it is but apparent that Zero Trust will be the request and the posture of the user and device, instead of relying
guiding light for security in the next decade on preconceived notions of trusted or untrusted. With this novel
approach, Zero Trust is bound to become the next indispensable
part of security, and revolutionise security in a way that hasn’t
been seen since the advent of the VPN
Gartner predicts that by 2022, 80% of new digital
business applications opened up to ecosystem
partners will be accessed through zero
trust network access (ZTNA)

By 2023 60% of enterprises will phase out their

remote access virtual private networks (VPN) in
favor of ZTNA.
APPLICATIONS DEVICES

Given the current state of the modern enterprise, it has become USERS
all the more certain that Zero Trust is not a fad that will fade
away. Instead, it has become an enabler of digital transformation,
and an inevitable part of the move to the cloud

Instasafe.com
The Road to Zero Trust

About InstaSafe
InstaSafeʼs mission is to secure enterprises from the abuse of excessive trust and
privilege access. We empower organizations across to globe in preparing their
security infrastructure for digital transformation in a cloud-dominated world.
Recognised by Gartner as one of the top representative vendors providing Zero
Trust Security, InstaSafe Secure Access and InstaSafe Zero Trust Application
Access follow the vision that trust can never be an entitlement, to offer securely
enhanced and rapid access of enterprise applications to users situated anywhere
across the globe. We secure 500,000 endpoints for more than 150 customers,
spread across 5 continents, with our 100% cloud-delivered solutions, ensuring that
our offerings are in line with our mission of being Cloud, Secure, and Instant

Fastest Growing Tech Company Representative Vendor (Only one from Recommended Solution to Work from
in India, for 3 years in a row APAC), Recommended Solution to Work Home
from Home

Instasafe.com