LVC training requires a wide and highly connected network that links a large number of users/devices to data/applications. Because these systems connect multiple locations and connect users/devices to data/applications spanning from edge to cloud, taking a ZTA approach to the LVC network architecture is critical. Using the NIST ZTA (NIST SP 800-207) as a guide, together with accurate and timely threat intelligence, LVC networks can realize embedded security capabilities that enable the ecosystem (edge – network – data center – cloud) to operate as an integrated, secure platform.
Because they interconnect multiple disparate devices and users with each other and with widely federated data and applications, LVC networks must be designed with the ZTA tenets described by NIST in mind. ZTA has its roots in organizations that are geographically distributed or that have highly mobile users and distributed edge nodes. A ZTA approach to cybersecurity is critical because LVC objectives and demands require greater connectivity to an increasing number of connected users, devices and sensors. An LVC network platform founded on the tenets of the NIST approach ensures interoperability via open standards while improving operational efficiency through visibility, automation, and the network platform itself.
A ZTA approach reduces risk by constraining the adversary's operational space. As defined by NIST, the abstraction of policy via the policy decision point in the control plane allows the network platform's logical components to communicate. Policy is executed via policy enforcement points located in the data plane, as close to the "subject" or "resource" as possible, at machine speed. This approach spans all components of the LVC network, including training participants and support, user/device connections, and the connection of data and applications.
No application, participant, or device is granted access without establishing trust via the policy engine. Trust is built from multiple inputs computed in the control plane, leading to the ultimate decision to grant a given subject access to a resource, commensurate with the level of risk. Policy enforcement points (PEPs) are responsible for enabling, monitoring, and eventually terminating connections between a subject and an enterprise resource. PEPs enable granular micro-segmentation down to individual users, devices, sensors, data, workloads and applications.
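The control-plane/data-plane split described above, as an added example that is not code from this page or from any product: a toy policy decision point that combines several constructed inputs (identity assertion, device posture, a threat-intelligence flag) into a risk score and checks it against a hypothetical per-resource tolerance, plus an enforcement point that opens a session on an allow, re-evaluates it when inputs change, and terminates it on a deny. Resource names, scores and tolerances are assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Constructed inputs that feed the trust computation (all values are illustrative).
@dataclass
class AccessRequest:
    subject: str
    device: str
    resource: str
    mfa: bool               # strong identity assertion present
    device_compliant: bool  # endpoint posture check passed
    device_flagged: bool    # device appears in a threat-intelligence feed

# Hypothetical resource sensitivity table: higher value = lower risk tolerance.
RESOURCE_SENSITIVITY = {"sim-telemetry": 1, "scenario-db": 2, "admin-console": 3}

def risk_score(req):
    """Control-plane trust computation: sum of risk signals, higher is worse."""
    score = 0
    if not req.mfa:
        score += 2
    if not req.device_compliant:
        score += 2
    if req.device_flagged:
        score += 5
    return score

def policy_decision(req):
    """PDP: allow only when the computed risk is within the resource's tolerance."""
    if req.resource not in RESOURCE_SENSITIVITY:
        return False  # default deny for resources with no policy
    tolerance = 4 - RESOURCE_SENSITIVITY[req.resource]
    return risk_score(req) <= tolerance

class EnforcementPoint:
    """PEP: enables a session on allow, re-evaluates it, terminates it on deny."""
    def __init__(self):
        self.sessions = {}  # (subject, device, resource) -> AccessRequest

    def connect(self, req):
        allowed = policy_decision(req)
        if allowed:
            self.sessions[(req.subject, req.device, req.resource)] = req
        return allowed

    def reevaluate(self, updated):
        """Called when posture or threat intel changes; drops the session if denied."""
        key = (updated.subject, updated.device, updated.resource)
        if key not in self.sessions:
            return False
        if policy_decision(updated):
            self.sessions[key] = updated
            return True
        del self.sessions[key]
        return False
```

The re-evaluation path is the part worth noting: a session that was allowed at connect time is torn down as soon as a new threat-intelligence flag pushes its risk above the resource's tolerance.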
Understanding logical components identified by NIST is essential for a successful ZTA implementation. Ensuring a robust, comprehensive LVC network platform that enables integrated, seamless policy decisions and policy enforcement is critical for modern cybersecurity. Integrating ZTA into holistic, end-to-end LVC architectures helps ensure mission success.