Microservices architecture is a convenient way to silo different software services compared to traditional software architecture and design. However, with multiple microservices communicating amongst each other - the attack surface of the network is greatly increased. The security of such a system depends on the security of all the services. Any deviation in the system’s security ultimately undermines the integrity of the entire network.
On Jan. 26, the Office of Management and Budget (OMB) published its widely anticipated final version of its zero trust architecture strategy, identifying top cybersecurity priorities for the federal government. This achievement raises the country’s cyber defense strategy to a level commensurate with the “increasingly sophisticated and persistent threat campaigns” it faces.
The nature of business today is increasingly decentralized. Cloud applications are exploding. Data is everywhere. And a large number of users will continue to work remotely even post-COVID-19. While all of these things increase business agility, they also increase an organization’s attack surface. The concept of Zero Trust is generating a lot of buzz as a panacea for these new risk exposures—and for good reason.
In a world driven by digital business, enterprise security needs to be continuously monitored and improved to keep up with evolving cyber-threats and to ensure data protection across the web. As the corporate, office-based workforce evolves to become more permanently remote, increased access control to business assets is needed for those both within and outside of the company network.
Since the 1990s, the federal government has been issuing guidelines and recommendations for security via their 800-Series Special Publications. While some of those guidelines became mandates, things have largely inched forward, instead of making any dramatic leaps. OMB’s new memorandum M-22-09, “Moving the U.S. Government Towards Zero Trust Cybersecurity Principles,” is changing this pattern, and setting deadlines for implementation across the government.
For almost two years, IT leaders have been consumed with digital transformation efforts in the wake of COVID. With this new pressure, business leaders have needed to design a holistic strategy for the company’s IT transformation and reallocate budget and personnel towards modern cloud-based technologies. COVID not only accelerated digital transformation efforts but also permanently dispersed the workforce away from offices, away from secure data centers and networks to remote locations.
According to Microsoft, Zero Trust is now ‘the top security priority’ for 96% of the interviewed security decision makers, while 76% were currently in the process of implementation. 90% of those interviewed stated that they were ‘familiar’ with Zero Trust and able to pass a knowledge test. The nature of this test and the appropriate right answers weren’t provided.