Agencies Need to Move to a Software-defined Perimeter to Achieve Zero Trust
Featuring Chris Townsend, the Vice President of Federal at Symantec.
A software-defined perimeter defines what you can access, the level of granularity, least privilege, and it does so in the way that we're implementing it. You have cloud applications you want to access, so it defines what cloud applications you can access and once you get into those cloud applications, what you can do with web applications you need to access. So that integrates with your proxy capability to make sure that the web applications you're accessing, you're doing so within the security policies of your organization.
And then you've got on-prem applications that you need to access. A VPN today, once you're in, you're in. Software-defined perimeter provides you least-privilege access, and you can enforce your security policy at a very granular level.
If you think about how security environments were built out, they were built somewhat reactively. If you had a threat, you go evaluate the tool to solve the problem, and you go buy the tool. What happens is a lot of vendors have made acquisitions, built additional capabilities into the tools over time, and if you put up a Venn diagram, there's 65 or 70 percent overlap in capability between multiple tools in your environment. So the cost and complexity of operating all of these tools is really unsustainable.
And then you think about the limited number of cyber analysts that you have in your environment, and now the analysts are tasked with integrating all this information and evaluating that information to figure out what they really need to be focused on. We need to simplify the environment.