The networks that Aumatics builds put Zero Trust into practice. 'You want to maintain the balance between security and convenience,' says Frank Kemeling, senior IT engineer and ethical hacker at Aumatics. 'That's why we apply Zero Trust network security. This is based on the idea that all network traffic is mistrusted, within a defined area.'
'You used to build a high wall around your network and hope that malicious people would stay out. With Zero Trust you also have security for external traffic, but you also don't rely on your own network, or on anybody.'
Anyone who follows the news can see that this approach is badly needed. In an article on IT news site AG Connect, for example, water boards warn that they are under constant attack.
'It is striking that they remove two groups of hackers', Frank remarks. 'The highly developed, organized hackers from Russia, China and South America, but also hackers closer to home. The so-called 'script kiddies', the bad boys who try everything and hardly know what they are doing. I get that, because they are also dangerous, because of the unpredictability and the large number of attacks they carry out.'
Exclude and allow with Zero Trust
The number of attacks on these types of corporate networks is also increasing; we see that on a daily basis at Aumatics. Frank: 'The good news is that Zero Trust is the effective method against this.'
'Because we indicate at a detailed level what is allowed, you exclude what is risky. To start at the beginning, you need to force all traffic to pass through the firewall. But on top of that, you can further increase security. For example, that only devices with a certificate can talk to each other. Or that only certain file types can be exchanged, and so on. That's the situation you want: your firewall is the director of your network traffic.'
Are there exceptions? 'Always', is Frank's short answer. 'We are used for customization and every organization is different. Precisely with serial solutions, you limit convenience for users. You get errors of judgment in your IT Security and on the part of the user a lack of understanding about actions that cannot be done or that are unjustly prohibited. There may also be places where you tighten up the security a little less. For example, that you only apply Zero Trust at the device level.
Cost savings through customization
'The tailor-made solution that is then offered also benefits scalability, because you need less capacity. Asking that question can also lead to cost savings.'
Organizations with a smaller budget therefore do not have to worry. Frank on this: 'It doesn't matter whether you use a firewall with large or small capacity with Zero Trust network security.
'The capacity is the difference, but the quality of the solution is always of the same high level. At lower capacity, it is important that you keep an eye on the management burden. That way you keep control over your network and everything that happens on it.'
Palo Alto Networks: founder of Zero Trust in practice
Zero Trust is a starting point in the design of a business network. The bottom line is that nothing on a network is trusted unless there is an exception for it. That exception is defined in advance, tailored, and applied to the corporate network.
Zero Trust was introduced by John Kindervag some 20 years ago. He realized that many network threats stemmed from the fundamental fallacy that all traffic on a network could be trusted.
By turning this around, you put a security shell over all traffic to and from your network.
Palo Alto Networks is a leading product developer and has quickly adopted the Zero Trust concept. Today, the approach is used by all major IT Security providers. Palo Alto solutions are successfully used at Aumatics for many customers.