Connect with us

Hi, what are you looking for?

Business

Many cloud service providers struggle to enact Zero Trust policies

Zero Trust refers to an evolving set of cybersecurity paradigms that move defences from static, network-based perimeters to focus on users.

Image: © Jonathan Nackstrand, AFP
Image: © Jonathan Nackstrand, AFP

In recent months the White House has announced a new Federal strategy to adopt a Zero Trust approach to cybersecurity. One of the key aims is for the private sector to adapt to the continuously changing threat environment. This means that corporations must ensure their products are built and operate securely.

The paper also presents a social democratic public-private approach to address market failures (“cybersecurity requires more than government action”), calling on firms to partner with the Federal Government to foster a more secure cyberspace.

Of particular interest is the NIST 800-207 portion of the memorandum, where the aim is to help to reduce the cyber risk posed by distributed workforces and data.

Zero Trust refers to an evolving set of cybersecurity paradigms that move defences from static, network-based perimeters to focus on users, assets, and resources. To support this, Zero Trust Architecture is required, where Zero Trust principles are used to plan industrial and enterprise infrastructure and workflows.

Craig Mueller, of iboss, tells Digital Journal that to achieve the aims of the memorandum will be challenging for many companies and that additional resources will be required to support the recommendations.

As Mueller explains: “Cloud Service Providers (CSPs) that cannot make all applications and resources private, including those in the cloud, will fail to reduce cyber risk and deliver on the Zero Trust model as outlined in the NIST Special Publication 800-207 mentioned in the memorandum.”

Therefore, to meet the aims, Mueller recommends: “Cloud Service Providers will require a containerized cloud architecture to ensure cloud applications become completely isolated and only accessible specifically to trusted users.”

Mueller sees cloud-based containerized architecture as critical for cybersecurity, with the aim of keeping organizations safe without impacting their productivity. Cloud-based containerized architecture packages software and its dependencies in an isolated unit (the ‘container’), which can run consistently in any environment.

Furthermore: “With a containerized architecture, the federal government can implement the goals of the memorandum and ultimately protect and isolate all resources, regardless of location, while granting access to those resources to trusted users working from anywhere.”

Avatar photo
Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

Tech & Science

Google consumed 56 times more electricity last year to keep its global operations running than ChatGPT uses annually to handle user prompts.

Life

Smoking is responsible for roughly 85 percent of all cases of lung cancer, the deadliest cancer worldwide.

Entertainment

Emmy award-winning actors Eric Martsolf ("Days of Our Lives") and Eva LaRue ("The Young and The Restless" and "General Hospital") star in the short...

Tech & Science

Civil society organizations will call on major tech firms to bolster their AI policies to combat "sexist and misogynistic" disinformation.