Your Cloud Solutions Deserve Zero-Trust Networking

by David Landsberger | Feb 04, 2019

Too often cloud users get burned by their own cloud service providers when it comes to security. The marketplace has created a large demand around cloud security by allowing cloud service providers to sidestep the responsibility for securing the data as it sits within the facility.

Sure, cloud service providers are still responsible for defending the physical server racks like a small militia, but when it comes to the far more likely prospect of a hacker infiltrating your systems, cloud service providers push the burden of responsibility back to you, the end user. Cloud service providers are not held to a high security standard when it comes to releasing their products, and they tend to have massive holes that need to be plugged with another solution.

More Properties Equals Greater Risk

Moving to the cloud does not increase your security. That would be like buying a second home with an expensive alarm system and saying your overall real estate portfolio is safer. And while the salesperson of the alarm system may say (or even believe) that it’s true, it’s not. We are talking about simple math. You used to have one environment to secure. Now you have two. That does not increase your security. In fact, it spreads out your risk and increases your attack vectors.

Add to that the nuances of accessing and transporting information from your main site to your cloud environment, or vice versa, and you have a tricky security issue on your hands.

Zero-Trust Networking for Your Cloud Solutions

Your cloud solutions deserve zero-trust networking. Zero-trust networking is a self-explanatory approach, but the way it is implemented and monitored is where you will find a major difference. 

It’s no longer enough to defend your network with a perimeter (firewall). While firewalls are important, how do they help you protect the information that already resides within your network? What do firewalls do to detect bogus process threats that are active in your network but remain undetected?

Even major routing players like Cisco are still in the process of closing off backdoors that they are only discovering from firewall hardware and firmware released years ago. This is why zero-trust networking is the only sane way to approach network security.

None of this information is revelatory, but some of the solutions being deployed today to extend this zero-trust networking approach to your cloud environment are.

How to Apply Zero-Trust Networking to Your Cloud Solutions

Today there are context-based security solutions that will segment what assets can be accessed by end users. They depend on real-time factors, such as the following, and react to what’s taking place on the network and across the global cybersecurity landscape.

  • Location: If your employees and assets are in a country that is flagged by your company, assets will be restricted or blocked.
  • Network: Assets will be made available when accessed by an approved network. For example, the corporate network or virtual private network (VPN) may be approved, but public Wi-Fi or unknown networks may not.
  • User: Who are you, and what are you trying to access? What’s your title, what department are you in and why do you need to pull the asset from the cloud? Risk can be mitigated based on access credentials and a combination of the above factors.
  • Devices and Processes: Why are these two systems communicating? Does that communication make sense? Is it a logical and approved communication? If not, this can be blocked and logged.

Solutions like these take zero-trust networking out of the local area network (LAN) and into your dispersed mobile workforce accessing the cloud. It’s a nice maturation step for these security solutions as they look to become more intelligent and more responsive in reacting to policy.
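The four context factors listed above can be expressed as a deny-by-default policy check. The following is an added example, not code from the article or from any product it refers to; the country code, network ranges, roles, asset names and service names are all constructed, and treating an unapproved network as "restrict" rather than "block" is an assumption.

```python
import ipaddress
from dataclasses import dataclass

# Constructed policy values for illustration only (assumptions, not from the article).
FLAGGED_COUNTRIES = {"XX"}  # placeholder country code
APPROVED_NETWORKS = [ipaddress.ip_network(n)
                     for n in ("10.20.0.0/16", "172.16.8.0/24")]  # e.g. corporate LAN, VPN pool
ROLE_ASSETS = {("finance", "analyst"): {"ledger-db"},
               ("engineering", "developer"): {"build-artifacts", "source-repo"}}
# Approved device/process pairs: (source process, destination service)
APPROVED_FLOWS = {("web-frontend", "orders-api"), ("orders-api", "ledger-db")}

@dataclass
class Request:
    country: str
    source_ip: str
    department: str
    title: str
    asset: str

def decide(req: Request) -> tuple[str, list[str]]:
    """Return ("allow" | "restrict" | "block", reasons); anything unknown is blocked."""
    # Location: a flagged country overrides every other factor.
    if req.country in FLAGGED_COUNTRIES:
        return "block", ["location: flagged country"]
    # User: department and title must entitle the caller to this specific asset.
    if req.asset not in ROLE_ASSETS.get((req.department, req.title), set()):
        return "block", ["user: role not entitled to asset"]
    # Network: the source address must parse and fall inside an approved range.
    try:
        ip = ipaddress.ip_address(req.source_ip)
    except ValueError:
        return "block", ["network: unparseable source address"]
    if not any(ip in net for net in APPROVED_NETWORKS):
        # Entitled user on public Wi-Fi or an unknown network: limited access only.
        return "restrict", ["network: unapproved network"]
    return "allow", ["all context checks passed"]

def flow_allowed(src: str, dst: str, log: list) -> bool:
    """Devices and processes: block and log any flow not explicitly approved."""
    ok = (src, dst) in APPROVED_FLOWS
    if not ok:
        log.append(f"BLOCKED flow {src} -> {dst}")
    return ok
```

The same `flow_allowed` check applies to the inter-process monitoring discussed later in the article: a pair that is absent from the approved set is blocked and leaves a log entry for review.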

Bringing Zero-Trust Networking on Premise

For all the focus on securing the cloud, be mindful that the bulk of cyberthreats happening across the globe are not nearly this sophisticated. 

Most cyberthreats and hacks are moving down the stack into firmware and inter-process communications. This is because most IT shops don’t watch inside the firewalls – they watch the firewall itself.

Threat actors are countering sophisticated cybersecurity solutions that attempt to look around all corners by dumbing down their breach efforts. The context-based solution discussed above can also help you monitor your inter-process communications.

In a zero-trust cloud-based networking solution, access privileges can be managed on not only end users, but also on the devices communicating with one another. Having policies in place can stop threat actors from landing successful attacks on your cloud assets.

There is no substitute for effective cybersecurity training for all employees. Logical and well-designed network segmentation, two-factor authentication and a vigilant end user can persuade most of the threat actors out there to find an easier target.

If you’ve implemented those basic steps to securing your network, then a zero-trust, context-based cloud security solution could be the next logical step to make your cloud platform as serious about security as you are.

Stay vigilant out there, folks.



  • David Aponte

    Friday, February 8, 2019

    Nice article

  • Dean Peters

    Saturday, February 9, 2019

    Dear CompTIA; Excellent article. Yet it leaves me to wonder why so many firms are rabid about cloud solutions. VDIs are marvelous for the mobile workforce. Your article and some of the training I received tell me these are expensive and even if one moves to the cloud they still require their own security garrison to watch the cloud. The Zero Risk approach is a sound one. Thank you.

  • Kyi Soe Lwin

    Monday, February 11, 2019

    Excellent article !!!

  • Direct Web Solutions

    Friday, February 22, 2019

    Very good read. In an ever-growing online community, security is always a growing concern of ours. I still feel that pushing to cloud services as a whole is making consumers too trusting of services and not realizing that they still need to take precautions. Cloud services like Google Drive and Dropbox are not impervious to attack either but because of the size and ease of use, consumers often believe all cloud services are AS secure as those ones and leave little thought for security measures. I’ll definitely look towards a zero tolerance policy in our cloud services as well.
