Featured Image

Zero Trust Architecture

Considering recent events involving SolarWinds’ cybersecurity breach, security has become one of the hot topics among IT professionals. When it comes to security, it even gets more complicated when things are in the cloud.
May 20, 2021

Considering recent events involving SolarWinds’ cybersecurity breach, security has become one of the hot topics among IT professionals. When it comes to security, it even gets more complicated when things are in the cloud. Now you have servers on premises and in the cloud that need to talk to each other to exchange data. And even within the cloud, you have applications that run on multiple cloud platforms. With more and more teams using containers and microservices to build applications that can scale better, developers need to pay close attention to security at all levels. Traditional DevOps teams need to work in a DevSecOps environment, where security is involved in all areas of development and where not just a single team is responsible for security. 

There is also a strong need for zero trust architecture when building applications that run on distributed environments. This means all users and systems should be treated as potential threats until they are properly authenticated. In other words, zero trust is like having checks at every door in the building, not just the main door. This strategy is great for distributed applications that run on multi-cloud environments, minimizing the attack surface. As a result, a hacker must break into multiple systems to gain access to information instead of one server that contains everything. The National Institute of Standards and Technology (NIST) recently published SP 800-204B, which provides guidelines for deployment architecture in cloud-native applications using service mesh. The attribute-based access control provides requirements for zero trust and robust access control when it comes to communication between any service. 

While building applications in the cloud is efficient, cost effective, and highly scalable, it is important to keep security involved at all stages of application development. Security should not be the responsibility of one team; it should be a mindset that is applied at all levels. Do not trust anyone or anything unless verified at each step. Multidimensional protection strategy, penetration resistance, and damage-limiting design approaches should be followed to achieve cyber-resiliency and survivability. Organizations should take a risk-driven view to reduce their trust surface and leverage a holistic portfolio of products and services.

PicturePicture
Author
Asim Mukhtar
Manager, Information Systems and Cloud Infrastructure
Recent technology News
In the age of digital manufacturing, data systems have become more critical. The migration to these services from physical or existing digital systems requires thorough planning and a solid connection to business processes.
As part of a new cybersecurity project, AMT hosted a webinar with a panel of experts focused on finding common ground between IT and OT.
At AMT’s 2021 MFG Meeting and MTForecast Conference, Richard Mason, president & CSO of Critical Infrastructure, will share his insight on cybersecurity in the manufacturing industry.
$10 billion toward cybersecurity. People are still trying to use unstructured data. Digital twins are putting in work. In-machine measurements. U.S. Marines and the additive boom.
Many in our industry are aware of the recent cyberattacks on Colonial Pipeline and JBS Foods. Both situations were ransomware attacks where the “bad actors” took control of all, or part, of the businesses’ computing resources until the ransom was paid.
Similar News
undefined
Technology
By Vanesa Powers | Sep 16, 2021

In the age of digital manufacturing, data systems have become more critical. The migration to these services from physical or existing digital systems requires thorough planning and a solid connection to business processes.

7 min
undefined
Technology
By Benjamin Moses | Sep 03, 2021

$10 billion toward cybersecurity. People are still trying to use unstructured data. Digital twins are putting in work. In-machine measurements. U.S. Marines and the additive boom.

5 min
undefined
Intelligence
By Bill Herman | Aug 24, 2021

AMT and GBM announce the launch of MT United, a joint venture of the two leading organizations to empower North American manufacturers with data, analysis, and strategic information for accelerated growth, innovation, and global competitiveness.

3 min