What’s the difference between Zero Trust and perimeter security? We explore the benefits and limitations of both solutions, so you can find the best fit for your business. Explore our award-winning SD WAN solution here.

What is perimeter security?

A network perimeter represents the boundary between an organisation’s internal network (trusted zone) and external network (untrusted zone). It’s where data flows in and out. Traditionally, this boundary was physical (firewalls at network edge). However, with cloud services and remote access, this concept has evolved.

Perimeter security is based on the simple concept of blocking anything from getting in, and a common metaphor used is like castle and moat. Everyone outside is a threat, everyone inside is trusted. However, once an attacker is inside the walls, perimeter security, by design, simply cannot respond.

What is Zero Trust?

Traditional security systems employing perimeter security are being placed under exponential strain by the simple fact that networks are becoming more diversified, and companies’ data is being stored in more than one place, often due to the usage of cloud-based applications, as well as cloud-based redundancy for critical systems.

In order to cope with changing network access models, security systems have had to adapt to a concept that “all devices and applications that connect to servers and internal networks are potential threats, and should be treated as untrusted”. Below, we’ve summarised the key principles and characteristics of Zero Trust:

1. Continuous monitoring and validation

Trust is never assumed – whether inside or outside the network, a user or service must continuously prove their identity, regardless how often a service is used or how secure it may be.

2. Least-privilege access

Zero Trust follows the principle of ‘need to know’. Users and devices only get access to what they absolutely require. Much like physical rooms, you only get the key to the door you need, not the entire building.

3. Device access control and multi-factor authentication

Every device trying to access resources undergoes double checks, with Zero Trust verifying both who you are (user identity) and what you’re using (device identity). MFA adds an additional layer on top of this – even if one factor fails, the other keeps the door locked.

4. Micro-segmentation to reduce lateral movement

Zero Trust divides the network into smaller zones called segments. Each segment has its own security rules, preventing attackers from moving freely within the network. By limiting access and segmenting users, many more roadblocks are created. While certain segments may become compromised, this reduces the speed at which attackers may gain access to an entire network.

An emphasis on end-point security

Endpoints (physical devices that connect to, and exchange information with a computer network) are a key aspect to Zero Trust, and aim to prevent attackers at the first hurdle. Endpoint security centres on the management and authentication mechanisms of connected devices, and can:

  • Only enable authenticated devices to connect to a network
  • Disconnect the connection immediately if an abnormal connection is detected
  • Remove malware from infected devices

These capabilities are realised through a solution known as EDR (Endpoint Detection Response). With the recent proliferation of remote working and mobile work devices, EDR solutions are becoming increasingly essential.

Moving security to the cloud

Cloud-based security in Zero Trust includes security using Identity Access Management (IAM), which can manage connection authentication and access restrictions as introduced in the Zero Trust network, as well as security monitoring and access restrictions to the cloud service itself.

Improper configuration of cloud services can lead to data leakage, account takeovers, and the connection of unwanted third party applications. In order to strengthen cloud security management, administrators need to have a birds-eye view of, and control over, a large number of cloud services. Cloud Security Posture Management (CSPM) responds to these challenges, by continuously checking services for misconfigurations and violations of guidelines to improve consistency and control.

Introducing Zscaler’s SCPM

CSPM, developed by Zscaler, enables users to:

  • Visualise cloud misconfigurations and take countermeasures
  • Centralise compliance reporting and action excecution
  • Prevent application vulnerabilities
  • Secure their container environment

CSPM automatically identifies and corrects SaaS, IaaS and PaaS application misconfigurations to ensure compliance, while also helping prevent cloud misconfigurations and providing unified visibility and automated remediation.

In an era where service providers are offering attractive cloud solutions at low costs, a configuration that relies on a single cloud service is far from ideal from an availability and resiliency perspective. CSPM can automate management that would take an enormous amount of time to do manually, which as an issue that scales exponentially in multi-cloud environments.

We’ve partnered with Zscler to provide a Secure Web Gateway service, available as an addition to our Direct Internet AccessIP VPN and SD-WAN services, enabling all network traffic routes through Zscaler, where security policies are applied & managed by the end customer.

Instead of having a stack of security and network appliances such as Firewalls, load-balancers, DDoS protection, IDPs etc. on premise, all of these appliances are instead in the Zscaler cloud, enabling you to easily scale protection to all offices and users, regardless of location, easily categories and apply security policies, and to minimise network and appliance infrastructure cost.

Explore our Secure Web Gateway

Automated surveillance

In order to carry out detailed authentication, log collection, monitoring etc., it is extremely difficult (and increasingly expensive) to secure in-house IT or security resources, especially personnel. Many tasks ensuring good security practice are standardised to some extent, so they can be automated and streamlined.

One possible method is to use a SOAR solution. SOAR stands for Security Orchestration, Automation and Response. SOAR solutions automatically prevent and eliminate fraud, manage incidents and related tasks, allowing you to better manage tasks and workflows performed by help desks and security departments, and making recording and documentation far more streamlined.

The future outlook of perimeter security

The global perimeter security market is projected to grow at a compount annual growth rate of 6.1-10.3%, reaching a value of £124.5 billion by 2032. This growth is driven by the increasing need for perimeter security systems, with the growth in adoption of AI, ML and IoT technologies. Future trends in perimeter security include more advanced video analytics and increased collaboration between technologies.

Cloud-based security measures are becoming increasingly important as businesses continue to migrate to cloud environments. Gartner predicts that by 2027, 80% of vendors will offer cloud security posture management as a feature of their cloud security platforms, up from 50% in 2022. The Cloud Security Alliance has launched the industry’s first authoritative Zero Trust training and credential, the Certificate of Competence in Zero Trust (CCZT), indicating the growing importance of zero trust strategies.

Due to the shortcomings of standard perimeter security as mentioned in this article, it is likely that cloud-based Zero Trust security solutions are likely to become more prominent as time goes on.