According to Dell, the Project Fort Zero solution builds on the momentum of the company’s Zero Trust Center of Excellence and partner ecosystem to accelerate zero trust adoption, and is designed to solve integration and orchestration issues that organizations experience when adopting zero trust solutions from different vendors.

“Zero Trust is designed for decentralized environments, but integrating it across hundreds of point products from dozens of vendors is complex – making it out of reach for most organizations,” said Herb Kelsey, industry chief technology officer, government, Dell Technologies. “We’re helping global organizations solve today’s security challenges by easing integration and accelerating adoption of Zero Trust.”

The solution, part of the Dell Security portfolio, will be validated by the U.S. Department of Defense and evaluated against the department’s Zero Trust reference architecture.

According to Dell, the company along with an ecosystem of more than 30 leading tech companies, will deliver the Zero Trust solution within the next 12 months.

The company says Project Fort Zero has a variety of use cases, including in on-premises data centers for mission-critical organizations, in remote or regional locations such as retail stores, and in the field in places with intermittent connectivity such as airplanes or vehicles.

Along with Project Fort Zero, Dell says it is expanding its security portfolio with Product Success Accelerator (PSX) For Backup, a new service designed to help organizations protect data and recover data in the event of an attack or other disaster.

According to Dell, PSX for Backup simplifies the implementation and maintenance of backup environments to enable data recovery. Its release follows the recent release of PSX for Cyber Recovery, which is designed to implement and operationalize an isolated cyber recovery vault.

Customers can choose from three levels of backup or recovery based on their needs, with each providing different levels of planning, workshops, assessments and operational assistance.

PSX for Backup is available now across North America, Europe and Asia Pacific.

The post Dell’s Project Fort Zero Will be a Fully Configured Zero Trust Solution appeared first on My TechDecisions.

However, implementing zero trust can seem like a daunting task given how zero trust is a policy and not a tool or solution that can achieve that level of security all at once. An organization’s zero trust strategy should be constantly evolving and becoming more secure over time. There are a variety of different technologies and solutions that are designed to address zero trust principles, but there is not one solution that achieves them all.

That’s why we spoke to Chalan Aras, managing director of Deloitte’s Cyber and Strategic Risk unit, about where organizations should begin on their zero-trust journey. The interview comes after Deloitte released the results of a survey on challenges of zero trust adoption, which found that compatibility issues with legacy systems is the greatest challenge to zero trust adoption.

Solving those complex issues and implementing zero trust can seem challenging, but IT leaders can begin their organization’s zero trust journey and take first steps in a few key areas, Aras says.

Assess the current infrastructure

According to Aras, organizations should begin by assessing their current IT infrastructure, which has undoubtedly changed and become more complex over the last few years as organizations adopted cloud solutions in response to the pandemic and remote work.

In addition, changes to company structure such as mergers, growth or divestitures can make IT environments even more complex. This mix of legacy systems and cloud technologies makes visibility so much more important, Aras says.

“Not every IT leader has a full picture of what they have,” Aras says. “I think it’s a good investment of time and resources to get a basic landscape of where you are.”

In addition to zero trust considerations, assessing the current IT environment can give IT leaders a better sense of where security gaps exist, which can be addressed before embarking on a zero-trust journey.

Identity and access management

After developing an overview of the current IT infrastructure, a good place to start implementing zero trust policies is identity and access management. According to Aras, zero trust is heavily driven by securing identities, but IT’s first step should be defining those users and assign them profiles and groups based on level of access.

Aras calls that work a “foundational element” of zero trust architecture. Deloitte’s survey also found that identity and access management was the second most important priority when implementing zero trust. First was data security, but Aras calls data insecurity the consequence of insecure identities.

Controlling and securing identities allows for better data security to control access to that data.

“Before the pandemic, you didn’t know who was doing what, and people could be copying and downloading valuable enterprise data,” Aras says. “Data security is the outcome, but to get there, you need identity and access management.”

Identity profiling, role definitions and application mapping should then be implemented on a modern identity system, Aras says.

VPN elimination

Virtual private networks (VPNs) were once thought to be a viable secure remote access solution for enterprises, but they can’t scale or provide sufficient security for distributed workforces, experts say. That’s why Aras says eliminating VPNs in favor of zero trust-based access is a common first step in implementing zero trust.

According to Palo Alto Networks, VPNs were designed to grant complete access to a LAN via a private, encrypted tunnel for remote employees to connect to the corporate network. However, this then gives a user access to anything on the network, leading to security gaps and policy enforcement issues, as well as a lack of visibility into a user’s access.

IT analyst firm Gartner, for example, says Zero Trust Network Access (ZTNA) is quickly eliminating the need for VPNs for secure access, with the analyst firm predicting that by 2025, 70% of new remote access deployments will be served by ZTNA compared to VPN services.

“VPN elimination to zero trust-based access tends to be a very high-value first change,” Aras says. “At that moment you gain better visibility and you can apply things like continuous authorization and reviews, and you can apply fine-grained policies.”

Where SASE fits in

Much has been made of secure access service edge (SASE) deployments in recent headlines as tech vendors begin to release all-in-one, single-vendor SASE solutions designed to take the complexity out of the equation.

While zero trust is a strategy or policy designed to eliminate automatic trust from a network by scrutinizing access at a granular level, SASE is the technical framework with which organizations can move closer to zero trust network access (ZTNA), Aras says.

According to Gartner, SASE delivers converged network and security as a service capabilities, including SD-WAN, SWG< CASB, NGFW, and of course, ZTNA.

“SASE is primarily delivered as a service and enables zero trust access based on the identity of the device or entity, combined with real-time context and security and compliance policies,” Gartner says.

From there, organizations can begin to think about application segmentation and other more advanced actions.

Zero trust is a journey

With threat landscapes and IT environments constantly changing, organizations should not be complacent in their current stage of zero trust implementation. However, before they take thier first steps in implementing zero trust, IT leaders need to understand they can’t make these sweeping changes overnight.

“It is a multi-part journey,” Aras says, adding that IT leaders must also consider the end-user impact of zero trust implementations.

Alongside end users, IT leaders must also consider their organizations’ business needs as the organization grows.

For example, a business could begin working with more third parties, service providers or vendors that need some level of access, thus requiring zero trust to be applied to that growing complexity.

“Part of the journey is understanding how your business operates within this next context and applying zero trust to your current needs,” Aras says.

The post First Steps to Take for Zero Trust Implementation appeared first on My TechDecisions.

According to the Boston-based firm, its is launching federated identity management with ZTNA for secure remote computing designed to protect and connect users across virtual desktop infrastructure, desktops-as-a-service and end-user applications in AWS environments.

The Leostream ZTNA-enabled Remote Access Desktop Platform is designed to enhance the security and management of end-user computing workloads in AWS with strict authentication and least-privileged access policies to ensure data remains locked in the corporate network. In addition, the platform works across on-prem and cloud environments to provide consistent levels of security, authentication, control and access tracking.

In addition to better protection for AWS users and data, Leostream says key benefits of its ZTNA for AWS solution include simplified IT with automated privileged access management, streamlining of user access with SSO solutions, improved productivity, elimination of VPNs and increased visibility into what users and devices are accessing.

The company bills the platform as a “single-pane-of-glass admin console” that simplifies the management of users and IT assets with real-time dashboard access to view usage and environment details.

According to Leostream, the company minimizes the risk of cloud instances being breached when not in use as the platform’s cloud orchestration tools launch, terminate, and power off instances in the cloud automatically, based on user need, which also helps control AWS compute costs.

Leostream CEO Karen Gondoly, in a statement, says remote or hybrid work models create security gaps, which the company’s ZTNA-powered platform can help close.

“AWS enables large user pools and diverse workloads, and with Leostream as the gatekeeper, organizations can enforce strict authentication to lock down environments while ensuring employees maintain access to the appropriate resources and the performance they need,” Gondoly says.

The post Leostream Announces ZTNA Platform for AWS appeared first on My TechDecisions.

According to the company, AWS Verified Access reduces the risks associated with remote connectivity by enabling customers to implement a work-from-anywhere model in a secure and scalable manner.

AWS first announced AWS Verified Access during re:Invent 2022 when it was released as a preview, and the company has since added two new features to enhance the product: an integration with AWS Web Application Firewall and support for passing signed identity context to application endpoints.

According to AWS, Verified Access’ integration with AWS Web Application Firewall (WAF) protects web applications from application-layer threats. This allows users to filter out common exploits such as SQL injection and cross-site scripting using AWS WAF while enabling AWS Zero Trust based fine-grained access for applications using user identity and device security status.

“AWS WAF lets you monitor the HTTP(S) requests that are forwarded to your protected application endpoints,” the company says in a blog. “You do this by defining a web access control list (Web ACL) and then associating it with one or more Verified Access instances you want to protect.”

The company says AWS WAF is enabled on a per Verified Access instance basis and adheres to the rules IT professionals define for application endpoints. When a user requests access to an application behind Verified Access, AWS WAF will inspect the HTTP request. Using AWS WAF rule statements, IT can provide matching criteria and the action to take on matches, including permitting or blocking the traffic. AWS WAF permits or blocks the traffic before handing the traffic over to Verified Access for an endpoint policy evaluation.

In addition, Verified Access now supports passing signed identity context to application endpoints. Previously, users would request access to the application behind Verified Access with both identity and device claims, but the claims were not available to the end applications.

Verified Access now passes signed identity context, including things like email, username and other attributes from the identity provider to the applications, AWS says.

“This enables you to personalize your application using this context, eliminating the need to re-authenticate the user for personalization,” the company says. “The signed context allows the application to verify cryptographically that Verified Access has authenticated the request.”

After Verified Access authenticates the user successfully and permits the request, it sends the user claims received from the identity trust provider to the application endpoint. Verified Access signs the user’s claim so that applications can verify the user’s identity and sends an HTTP header (x-amzn-ava-user-context) to the application endpoints in the format of a signed JSON Web Token (JWT). These claims are received by either the organization’s OIDC provider or the AWS Identity Access and Management (IAM) Identity Center.

Read the company’s blog to learn more about migrating applications to Verified Access and common use cases.

The post AWS Verified Access is Now Generally Available appeared first on My TechDecisions.

According to new research from business management consulting firm Deloitte, legacy systems and environments are the greatest challenge to adopting zero trust, with 44.6% of executives agreeing to that sentiment.

However, these organizations plan to forge ahead with their zero trust plans due to increases in cyber threats (30.1%) and the need to better manage third party risks (25.1%), according to Deloitte’s research.

Further down that list of drivers of zero trust adoption include  managing workforce-related risks such as remote work and insider threats (17.2%), managing risks due to cloud adoption (15.1%) and managing elevated cyber risks due to geopolitical conflict (4.8%).

However, organizations far and away cited complexity and compatibility issues with legacy systems and environments as the top challenge to successful implementation of zero trust, with nearly 45% of executives agreeing.

Within zero trust adoption programs, organizations are most likely to prioritize enhancements focused on data security and identity and access management, which came in at 26.1% and 21.5%, respectively. This isn’t surprising given the importance of responsibly handling data and protecting user identities.

Also cited as important in zero trust adoption efforts include SASE implementation (13.9%), network segmentation (13.3%) and endpoint controls improvements (9.3%).

While legacy IT infrastructure can be challenging when implementing zero trust, they are also a primary driver, says Andrew Rafla, Deloitte’s Risk and Financial Advisory’s Zero Trust offering leader.

“You cannot replace a mainframe over night, but you can rapidly change how that environment is accessed to significantly reduce risk,” Rafla says. “It is also possible to reduce friction for end users by limiting disruption to their native experiences and enhancing IT operational efforts associated with the adoption of modernized controls.”

The post What is Holding Up Your Zero Trust Implementation? appeared first on My TechDecisions.

Together with the Maryland Innovation Security Institute (MISI), Zero Trust Center of Excellence, Dell is constructing an advanced private cloud solution focused on integrating and orchestrating security for customers. The approach will help organizations implement the technology and tap the expertise needed to build and configure the architecture, says the company in a blog post.

It will bring together technology and capabilities from partners including Corsha, Gigamon, Juniper Networks, MISI, Nomad GCS, NVIDIA, Palo Alto Networks, VMware and others. By replicating the Department of Defense-approved architecture with technology from leading providers, the company says its enabling organizations to defeat cyber criminals while meeting the U.S. government’s Zero Trust mandate.

Meeting Zero Trust Ecosystem Department of Defense Requirements

The ecosystem will help execute the Department of Defense Zero Trust requirements, including capabilities such as:

• Continuous authentication: Continuously authenticates user access using multifactor authentication.
• Comply to connect, device detection and compliance: Any device attempting to connect to a network or access a resource is detected and assessed for compliance status.
• Continuous monitoring and ongoing authorization: Automated tools and processes continuously monitor applications and assess their authorization to determine security control effectiveness.
• Data encryption and rights management: Data rights management tooling encrypts data at rest and in transit to reduce the risk of unauthorized data access.
• Software defined networking: Enables the control of packets to a centralized server, provides additional visibility into the network and enables integration requirements.
• Policy decision point and policy orchestration: Collects and documents all rule-based policies to orchestrate across the security stack for effective automation.
• Threat intelligence: Integration of threat intelligence data with other security information and event management (SIEM) data provides a consolidated view of threat activity.

“Zero Trust is a journey, and the destination is a well-defined set of integrated and automated security activities,” said Herb Kelsey, security strategy program lead at Dell Technologies. “The partner ecosystem is a critical component of the Dells project to scale an end-to-end validated Zero Trust solution for organizations worldwide.”

The company plans to share more on its Zero Trust strategy at its Dell Technologies World 2023 tech conference in Las Vegas, May 22-25, 2023.

The post Dell Technologies Accelerates Zero Trust Adoption with New Ecosystem appeared first on My TechDecisions.

While designed for federal agencies, any organization can review the guidance and apply the protections to their infrastructure to help keep malicious actors out of their networks and devices by implementing the principle of least privilege and authenticating identities and users.

The updated guidance essentially considers the reality that not every organization begins their zero-trust journey from the same starting point. The new version of the Zero Trust Maturity Model includes a new stage called “Initial” that can be used as a guide to identify maturity for each pillar, the agency says.

CISA also added several new functions and updated existing functions in all four stages of maturity (Traditional, Initial, Advanced and Optimal) to consider when organizations plan and make decisions for zero trust implementation.

Read Next: Your Guide to Implementing a Zero Trust Network Architecture

The updates to CISA’s zero trust guidance come as a result of the 2021 public comment period, and the agency also published its response to those comments and summarizes the comments and modifications made from that input.

According to CISA, the updated model provides a gradient of implementation across five zero trust pillars (identity, devices, networks, applications & workloads, and data) to facilitate implementation and help organizations make minor advancements over time.

“CISA has been acutely focused on guiding agencies, who are at various points in their journey, as they implement zero trust architecture,” says Chris Butera, CISA’s technical director for cybersecurity, in a statement. “As one of many roadmaps, the updated model will lead agencies through a methodical process and transition towards greater zero trust maturity.”

Butera reiterates that the Zero Trust Maturity Model is intended for federal civilian agencies, but all organizations can review the document to guide them on their zero-trust journey.

The post Check Out CISA’s Updated Zero Trust Guidance appeared first on My TechDecisions.

According to Beyond Identity, several industry-leading security companies are backing the creation of Zero Trust Authentication, including Palo Alto Networks, CrowdStrike, Optiv, World Wide Technology, Guidepoint Security, BeyondTrust, Ping Identity and Climb Channel Solutions.

Beyond Identity says Zero Trust Authentication has been developed in response to the failure of traditional authentication methods and the increasing number of cyberattacks. Zero Trust Authentication, the company says, will help organizations overcome limitations of passwords and legacy mutli-factor authentication (MFA) and implement more robust security strategies.

The company says Zero Trust Authentication includes components such as its risk scoring and continuous authentication capabilities.

In addition, Beyond Identity and the other cybersecurity leaders are launching the Worldwide Zero Trust Leadership series of events that will run through 2023.

In a statement, Tom Jermoluk, CEO and co-founder of Beyond Identity, says security leaders have realized that the industry needs to formally bring identity and access management into the industry.

“We are bringing together the leaders from the essential technology categories to ensure authentication decisions are risk based and continuously informed with signals from the wealth of existing cybersecurity tooling,” Jermoluk says. “Through close technology collaboration and now go-to-market collaboration in this Zero Trust Leadership series, we are delivering strong authentication built for an ‘always on’ zero trust world coupled with the practical advice and best practices so that enterprises can finally close identity and access management vulnerabilities.”

The group of cybersecurity firms has defined a set of practical requirements that organizations can use to measure their identity practices and adopt to protect workforce and customers, including:

1. Passwordless – No use of passwords or other shared secrets, as these can easily be obtained from users, captured on networks, or hacked from databases.
2. Phishing resistant – No opportunity to obtain codes, magic links, or other authentication factors through phishing, adversary-in-the-middle, or other attacks.
3. Capable of validating user devices – Able to ensure that requesting devices are bound to a user and authorized to access information assets and applications.
4. Capable of assessing device security posture – Able to determine whether devices comply with security policies by checking that appropriate security settings are enabled, and security software is actively running.
5. Capable of analyzing many types of risk signals – Able to ingest and analyze data from endpoints and security and IT management tools.
6. Continuous risk assessment – Able to evaluate risk throughout a session rather than relying on one-time authentication.
7. Integrated with the security infrastructure – Integrating with a variety of tools in the security infrastructure to improve risk detection, accelerate responses to suspicious behaviors, and improve audit and compliance reporting.

Beyond Identity and its partners are also bringing this practical advice directly to customers and channel partners to major events like RSA and Black Hat, and key cities across North America and Europe over  2023.

The post Beyond Identity, Cybersecurity Companies Launch Zero Trust Authentication Push appeared first on My TechDecisions.

According to the company’ announcement, Dell is expanding the capabilities of its managed detection and response offering with Managed Detection and Response Pro Plus, a new fully managed security operations solutions designed to help organizations prevent and deal with cyberattacks.

The company says the solution protects endpoints, infrastructure, software, hardware and clouds with 24/7 threat detect detection and investigation while identifying vulnerabilities and prioritizing patching.

The solution also includes breach and attack simulations, penetration testing, year-round cybersecurity training and incident recovery care.

In addition to the new managed service offering, Dell is adding CrowdStrike Falcon into its SafeGuard and Response portfolio, giving customers access to the cloud-native security platform that offers an extended suite of defense tools to accelerate threat investigation and response. The solution covers endpoints and cloud workloads, identity and data.

Dell is also launching a cloud-based version of its Secured Component Verification (SCV) offering to give enterprise customers added security assistants when their PCs arrive as they were ordered and built from the factory.

To help organizations prepare for cyberattacks, the company is also launching Product Success Accelerator (PSX) for Cyber Recovery, a new service designed to streamline the implementation of amore secure, isolated cyber recovery vault so organizations can protect critical data and maintain business continuity.

According to the company, PSX for Cyber Recovery is the first standardized, outcome-based service available within the new PSX family. The service includes three levels of assistance from which customers can choose:

• Ready includes planning workshops, installation and configuration of a Dell Cyber Recovery vault, a runbook, a success plan and cybersecurity skills training
• Optimize adds quarterly vault assessments, recommendations for the environment, including updates, patches and policies, and assisted restore test simulations.
• Operate adds ongoing operational assistance to monitor and investigate activity, initiate corrective actions and provide support in the event of a cyberattack

These new services and offerings are now available in the U.S. with the exception of Dell Secured Component Verification on Cloud, which will be globally available for Dell commercial PCs in May.

The post Dell Launches New MDR Solution, Security Services appeared first on My TechDecisions.

Matthew Prince, co-founder and CEO of Cloudflare says, “Today’s CISOs are tasked with securing a complex matrix of applications, tools, and devices that inherently require a zero trust approach. We want to make it as easy as clicking a button for companies to bring zero trust security everywhere their business needs it.”

With today’s security landscape, businesses are forced to integrate with dozens of offerings, making it harder to integrate zero trust security across all of a company’s websites, employee applications and corporate networks. As a result of Cloudflare’s latest integrations, companies can now embed zero trust security insights more deeply into more of the tools and applications their business and employees rely on.

With Cloudflare’s latest zero trust integrations integrations, businesses can:

• Protect tools employees use to collaborate: By integrating Cloudflare One with Atlassian’s collaboration tools – including Jira Software and Confluence – businesses can scan, detect and surface security issues quickly to secure private, internal data.
• Protect sensitive data using existing Microsoft Labels: Cloudflare One customers can sync their Microsoft Information Protection labels to create policies that enable them to detect, monitor or block the movement of sensitive corporate data using Cloudflare Data Loss Prevention (DLP).
• Give security teams more precise and actionable security insights: Sumo Logic Cloud SIEM delivers automated normalization and correlation of zero trust logs for Logpush. Available as out-of-the-box parsers, customers can accelerate the triage process for security analysts by converging security and network data into high-fidelity insights.

“Preventing data breaches is a critical business need in today’s threat landscape. Categorizing your sensitive data and ensuring it doesn’t leave the enterprise are the two sides of data security,” says Hammad Rajjoub, director of product marketing, data security, compliance and privacy ecosystem at Microsoft. “Cloudflare has built integration with Microsoft Purview Information Protection to make this process seamless providing CIO teams proactive security with in-depth defense and higher automation to deal with the changes around how we work.”

John Coyle, SVP of business development at Sumo Logic says, “As a long time Cloudflare partner, we’ve worked together to help joint customers analyze events and trends from their websites and applications to provide end-to-end visibility and improve digital experiences. We expand this vital partnership to provide real-time insights into the zero trust security posture, a critical component for holistic visibility, threat prevention and rapid investigations.”

The post Cloudflare Adds Zero Trust Integrations with Atlassian, Microsoft & Sumo Logic appeared first on My TechDecisions.