How to Implement Zero Trust Security in Your Data Center
By: Blair Felter on August 5, 2019
Data security is a key concern for every organization. Whether it’s protecting information and applications stored in a network or safeguarding servers and other physical assets, companies want to have the reassurance that the infrastructure and data they rely on to deliver products and services is well protected. To meet these needs, many data centers have moved toward a Zero Trust security model.
What is Zero Trust Security?
The term Zero Trust was coined by Forrester Research, and the model was originally developed to address vulnerabilities present in conventional software security architecture. The problem was that even though companies had invested substantial resources in defending their network perimeter, once hackers managed to get through those firewalls, they were able to move freely through the organization’s network. This was a byproduct of network design that assumed anything in the network was actually supposed to be there. Once someone gained access, there was no way to erect additional barriers to prevent them from accessing sensitive information.
The Zero Trust model redefines the role of the network perimeter. While outward-facing defenses like firewalls remain in place, Zero Trust network architecture doesn’t automatically assume that anything within the perimeter is trustworthy. Through a combination of micro-segmentation and granular perimeter enforcement, Zero Trust security architecture models require anything trying to connect to network systems to verify its identity before access is granted. Effectively, every system within a Zero Trust network functions as if it has its own secure perimeter, creating a multi-layered software security architecture that prevents malign actors from moving easily between systems.
Why Zero Trust Network Architecture Matters
Today’s network environment is multifaceted and multidirectional. Cloud computing applications and edge computing architecture allow people to access networks from a variety of locations over a multitude of devices. The security implications here are significant. Someone accessing the company cloud over the unsecured public WiFi connection at their local coffee shop could unwittingly provide a gateway for a hacker to gain access to the network. Similarly, a WiFi-enabled device that an employee brings in to connect to the office network might be (unknowingly) loaded down with harmful malware that could compromise data security.
A Zero Trust model reduces the risks posed by these situations by enforcing strict authentication standards upon all users. Organizations can set the level of scrutiny they’re comfortable with, but the basic premise is that even if something or someone slips through the network perimeter, the amount of damage that can be done before that unauthorized access is detected is greatly limited. Any access request will immediately create alert notifications, allowing network administrators to identify potential breaches and shut out unauthorized users quickly.
Zero Trust and Data Center Security Standards
While the Zero Trust model was originally conceived of as a network security architecture, data center physical security standards can incorporate many elements of Zero Trust to better protect colocated assets. Conceptualizing the physical elements of a data center as a network, Zero Trust network architecture can be applied to build layered security systems that ensure only authorized users have access to core functions of the facility.
Like a computer network, it all begins at the perimeter. Having a strong perimeter defense such as fencing, surveillance cameras equipped with motion sensors, and gate access staffed 24x7x365 by security personnel should ensure that only authorized visitors can even approach the data center. Even if someone does manage to get past those outer defenses, they must still contend with additional security measures such as locked doors, security checkpoints, and various monitoring systems. At every turn, the appropriate credentials must be presented to verify that a visitor is authorized to be there. Bypassing one or two layers of security may be possible, but getting through up to six or seven is much more difficult, if not impossible.
Zero Trust principles inform many logical data center security standards. Multifactor authentication, which requires users to present multiple forms of verification, is one of the most common ways that data centers apply Zero Trust. In order to pass through security checkpoints, visitors must provide specific credentials that are very difficult to fabricate. These credentials can take a number of forms:
Something You Know: A password or unique code, preferably generated randomly to avoid anyone being able to easily copy or memorize it.
Something You Have: A unique item, such as an access card, key, or fob of some kind. These items are strictly accounted for and are difficult to replicate.
Something You Are: A biometric identifier of some sort, which could include a fingerprint, facial structure, or iris pattern. Biometric scanners like thumb readers and facial-recognition programs are used to judge whether the person seeking access has the biological traits that match those on file.
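The layered checkpoints and the three credential forms described above can be modeled as a default-deny decision made again at every zone. This is an added example, not code from vXchnge or the original article; the zone names, thresholds, user id, and the rule that only distinct factor categories count are assumptions made for illustration.

```python
from dataclasses import dataclass, field

CATEGORIES = {"know", "have", "are"}  # the three credential forms listed above

# Constructed policy: zone names and thresholds are hypothetical.
ZONE_POLICY = {"gate": 1, "building": 2, "cage-A17": 3}  # zone -> distinct categories required

@dataclass
class AccessList:
    """Per-zone allow list. A user absent from a zone's set is denied."""
    allowed: dict = field(default_factory=dict)  # zone -> set of user ids

    def grant(self, zone, user):
        self.allowed.setdefault(zone, set()).add(user)

    def revoke(self, zone, user):
        self.allowed.get(zone, set()).discard(user)

def authorize(acl, zone, user, verified_factors):
    """Decide one checkpoint from (category, name) pairs its readers validated."""
    required = ZONE_POLICY.get(zone)
    if required is None:
        return False, "unknown zone: default deny"
    if user not in acl.allowed.get(zone, set()):
        return False, "not on access list for this zone"
    # Count categories, not credentials: two secrets are still one factor type.
    seen = {cat for cat, _ in verified_factors if cat in CATEGORIES}
    if len(seen) < required:
        return False, f"need {required} factor categories, got {len(seen)}"
    return True, "granted"

def walk(acl, user, path, factors_by_zone):
    """Re-check at every checkpoint; clearing an outer layer grants nothing inward."""
    log = []
    for zone in path:
        ok, reason = authorize(acl, zone, user, factors_by_zone.get(zone, []))
        log.append((zone, ok, reason))
        if not ok:
            break
    return log

if __name__ == "__main__":
    acl = AccessList()
    for z in ZONE_POLICY:
        acl.grant(z, "alice")
    presented = {  # constructed sample: what each checkpoint's readers verified
        "gate": [("have", "badge")],
        "building": [("know", "pin"), ("know", "passphrase")],
        "cage-A17": [("know", "pin"), ("have", "badge"), ("are", "fingerprint")],
    }
    for entry in walk(acl, "alice", list(ZONE_POLICY), presented):
        print(entry)
```

In the constructed sample the visitor clears the gate but is stopped at the building door, because a PIN and a passphrase are both "something you know" and the walk never reaches the cage.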
Zero Trust for Better Data Center Security
Data centers that embrace a Zero Trust model can provide colocation customers with assurances that both their networks and their physical IT assets will be protected from unauthorized access behind multiple layers of physical and logical security. And with intelligent monitoring tools like vXchnge’s award-winning in\site platform, they can easily manage that access remotely. Granting or revoking access is as simple as pulling up a portal menu, allowing customers to make changes to their access lists quickly and easily without having to go through a lengthy administrative process with their colocation facility.
With Zero Trust security in place, data centers can provide the same peace of mind colocation customers have come to expect from managing their own private data solutions. Thanks to the sophisticated logical security technology they can deploy, these facilities have the ability to fully embrace the potential of the Zero Trust model.
About Blair Felter
As the Marketing Director at vXchnge, Blair is responsible for managing every aspect of the growth marketing objective and inbound strategy to grow the brand. Her passion is to find the topics that generate the most conversations.