Featured Image

Zero Trust Architecture

Considering recent events involving SolarWinds’ cybersecurity breach, security has become one of the hot topics among IT professionals. When it comes to security, it even gets more complicated when things are in the cloud.
May 20, 2021

Considering recent events involving SolarWinds’ cybersecurity breach, security has become one of the hot topics among IT professionals. When it comes to security, it even gets more complicated when things are in the cloud. Now you have servers on premises and in the cloud that need to talk to each other to exchange data. And even within the cloud, you have applications that run on multiple cloud platforms. With more and more teams using containers and microservices to build applications that can scale better, developers need to pay close attention to security at all levels. Traditional DevOps teams need to work in a DevSecOps environment, where security is involved in all areas of development and where not just a single team is responsible for security. 

There is also a strong need for zero trust architecture when building applications that run on distributed environments. This means all users and systems should be treated as potential threats until they are properly authenticated. In other words, zero trust is like having checks at every door in the building, not just the main door. This strategy is great for distributed applications that run on multi-cloud environments, minimizing the attack surface. As a result, a hacker must break into multiple systems to gain access to information instead of one server that contains everything. The National Institute of Standards and Technology (NIST) recently published SP 800-204B, which provides guidelines for deployment architecture in cloud-native applications using service mesh. The attribute-based access control provides requirements for zero trust and robust access control when it comes to communication between any service. 

While building applications in the cloud is efficient, cost effective, and highly scalable, it is important to keep security involved at all stages of application development. Security should not be the responsibility of one team; it should be a mindset that is applied at all levels. Do not trust anyone or anything unless verified at each step. Multidimensional protection strategy, penetration resistance, and damage-limiting design approaches should be followed to achieve cyber-resiliency and survivability. Organizations should take a risk-driven view to reduce their trust surface and leverage a holistic portfolio of products and services.

PicturePicture
Author
Asim Mukhtar
Manager, Information Systems and Cloud Infrastructure
Recent technology News
New developments and enhancement in Motion control measuring devices and CNC software to achieve higher accuracies during high speed machining applications, including machine calibration.
Weld Spot Analytics (WSA) is a software solution that helps welding engineers in taking faster, more accurate decisions, and increase weld quality while avoiding inefficiencies and reducing wastes. Many are the challenges affecting welding operations...
Engineers at ATI Industrial Automation are used to designing sensors for tough conditions, but nothing compares to Mars’ subzero surface temperatures and rugged terrain.
Recently on IMTS spark, Matt Danford, senior editor of Modern Machine Shop, conducted the “Secrets to Running a Successful CNC Machining Business” session. He spoke with three past Top Shops honorees about how the Top Shops benchmarking program...
We recently spoke with Paul Ricard, co-founder and president of DP Technology Corp. about his career, the growth of the company, and its recent acquisition by Hexagon AB. DP Technology is a leading developer of computer-aided manufacturing (CAM)...
Similar News
Featured Image
Technology
By Jan de Nijs | Apr 01, 2021

When it comes to digital twins and digital threads, there is no widespread agreement what they are and how the can be expressed in terms of data artifacts. This presentation proposes a standards-based definitions...

40 min
Featured Image
Smartforce
By Greg Jones | Mar 25, 2021

By now, you’ve probably noticed that AMT has a whole new brand identity, including an updated look and feel across all of our departments, products, and services, and we recently relaunched the AMT website...

5 min
undefined
Technology
By Benjamin Moses | Mar 26, 2021

Episode 46: Benjamin and Stephen actually managed to keep an episode under a half hour for once! Steve jumps right into the global silicon shortage. Ben discusses how to assess the value of investing in robotics and automation.

30 min