Seven steps for using zero trust to protect your multicloud estate

Commissioned Commissioned: If you're like most IT leaders, you are facing two uncomfortable realities. The first is that external and internal cybersecurity threats are proliferating from individuals, independent collectives and nation-state attackers. The second is that your computing operating models are becoming more complex, as their tentacles spread across multicloud environments.

Which makes protecting against the former reality infinitely more difficult. Because with so many distributed device, software and network access points, perimeter defense is no longer a viable option.

Rather, a complex multicloud landscape requires a zero trust approach to protecting data. Zero trust's central tenet is that there is perimeter and that the increasing sophistication of attacks and the growing distribution of digital assets requires a "never trust, always verify" stance to cybersecurity.

Best practices for crafting a zero trust strategy are well understood and rigorously documented. To better understand how to execute this sweeping defense, it's important to consider the scope of modern computing environments.

Multicloud sprawl

If your enterprise IT profile is like that of your peers, your software workloads are running in on-premises gear as well as a mix of public and private clouds. Maybe you also run assets in a colocation facility or at the edge.

If you preside over such a hodge podge you likely also manage a cybersecurity profile that is nightmarish in its complexity, littered with disparate protocols and security keys. As a result, most organizations struggle with data protection.

Seventy-two percent of 1,000 IT decision makers cited the inability to locate and protect dynamic and distributed data generated by DevOps and cloud development processes, according to the Dell Technologies Data Protection Index. Overall, 67 percent of those surveyed said they are not confident that they can sufficiently cope with ransomware and malware attacks.

Functionally, zero trust in a multicloud environment is like the security protocols people encounter as they navigate airports en route to their destinations.

People provide identification and pay for baggage check with a credit or debit card. Then they are scanned several different ways—some obvious and some discreet—as they wind their way through the screening process. Airport employees and federal security officials collaborate to authenticate passengers with considerable rigor.

Zero trust operates a bit like the airport security process, albeit across an exponentially larger and digital footprint. Sprawling hybrid and multicloud environments store data in a variety of locations, with each system leveraging its own security protocols.

Reconciling these challenges in diverse environments is hard. Extending the airport analogy, you might even say it's akin to changing the engine on a flying jetliner.

Fortunately, the U.S. Department of Defense offers 7 pillars, or a blueprint for a robust zero trust strategy defense. Those tenets include:

Defense is multilayered - and persistent

User. You'll continually authenticate, access and verify user activity patterns to govern users' access and privileges. This will help you protect and secure all interactions.

Devices. You'll institute real-time inspection, assessment and patching of corporate-issued laptops, PCs and other work devices informs every access request.

Applications and Workloads. You'll monitor and protect every software asset, including applications, hypervisors, virtual machines and containers.

Data. Central to the DoD's pillars, data is the great glue for all of your enterprise assets. If key data is comprised, you risk losing the corporate kingdom. You need total transparency and visibility across all of your data, which you'll secure with your infrastructure, apps, standards, encryption and data tagging.

Network and Environment. You'll segment, isolate and control the network with granular policy and access controls.

Automation and Orchestration. You'll define processes and policies for automating security responses, enabled by artificial intelligence (AI) and machine learning (ML), that helps ensure remediation based on intelligent decisions.

Visibility and Analytics. Your sprawling multicloud estate needs software sentinels watching for anomalous behavior. You'll implement tools that analyze all events, activities and behaviors to generate context. And you'll use AI and ML to improve detection and reaction time in making access decisions.

How zero trust safeguards multicloud environments

Applying these zero trust pillars is critical as you cultivate a multicloud-by-design strategy, in which application workloads are deliberately allocated across on-premises, public and private clouds, colos and edge devices, based on factors such as performance, security and cost.

You'll classify applications and data; segment networks to break up assets into smaller parts to limit the spread of malware; incorporate strong encryption and continuous monitoring; and institute access controls based on the principle of "least privilege," or granting users access to assets they need to do their jobs.

Your model will include backup and recovery services to help you geo-locate lost or stolen devices, remotely wipe them if necessary and recover devices from a snapshot. And in the event of a breach, the right cyber recovery systems help you remediate compromised data in a digital vault that is isolated, immutable and intelligent and features critical access management constraints.

By applying the multiple security measures incorporated in a zero trust model to an intentional multicloud strategy you'll ensure that your organization's data and applications are protected across a complex, distributed environment.

Above all, remember this key maxim as you bake zero trust into your multicloud strategy: "Never trust, always verify."

Learn more about our portfolio of cloud experiences delivering simplicity, agility and control as-a-service:  Dell Technologies APEX .

Commissioned by Dell Technologies.