How to simplify your governance and address the challenges of ‘Zero Trust’

Published by Gabrielle Guerrini on

How to simplify your governance and address the challenges of 'Zero Trust'

As the digital transformation of businesses opens up new possibilities and makes operational activities more flexible and complex, it has become crucial to maintain control over what is one of today’s most sensitive assets: corporate data.

Our new digital uses, such as the exploitation of teleworking, mobility, collaborative platforms and cloud hosting solutions, extend the areas of vulnerability that CISOs need to keep secure and efficient.

It is therefore necessary to link granularity, traceability, security and performance throughout the whole service chain, in a simple way to effectively fit into the information systems governance plan. Because if we do not have a clear vision of the data in a heterogeneous environment, how can we pretend to keep it secure?

Zero Trust strategic benefits

Zero Trust is a methodology that aims to prevent breaches in a system by removing the concept of trust, both internal and external to the network.

This initiative complements the traditional authentication/authorization approach to protect modern digital environments via :

     – Application protection

     – Mechanisms to prevent lateral movement between resources

     – Simplified user access

As a result, we are moving from access control to control of the processes initiated by administrators on the servers they have connected to. On endpoints, we gain flexibility by increasing checks from user access to applications, then to processes, and finally to API calls initiated by those processes.

The granularity offered by the Zero Trust approach also applies to compliance with security norms including GDPR, the new California Consumer Privacy Act (CCPA), PCI-DSS and other standards.

Segmenting application instances, networks and privileges as well as ensuring intuitive traceability of user actions in compliance with norms are just some of the purposes of Zero Trust solutions.

“Zero Trust solutions are increasingly powerful to secure servers, endpoints, applications, machine processes and, finally, the data itself, by relying on management and access control policies at each level, based on user/machine and IT process identities”, Didier COHEN, Chief Product Officer at WALLIX.

Simplifying governance with WALLIX

The European player WALLIX provides Bastion solutions that meet the challenges of Zero Trust and new threats that are getting increasingly sophisticated and complex.

Certified CSPN by ANSII and designed to meet the regulations of various operational sectors (PCI-DSS, GDPR, SOX, HIPAA, ISO 27001…), these solutions are a perfect example of how to protect sensitive assets: data, terminals, servers, connected objects, etc…

     – Access control: a centralized interface for granular access  policy to meet internal and external business needs

     – Session control: full control of the actions performed by the users, from accessing the data to the process being executed

     – Traceability: analysis of suspicious behavior and recording of sessions to simply identify the origin of a breach, in addition to the traditional tracking and alerting features.

EVA Group Partnership

EVA Group is proud of its new established partnership with WALLIX in North America to support our customers in securing their information systems. These technical partnerships allow us to strengthen our service offering as business IT needs evolve to link performance, security, flexibility and compliance.

More than ever, we continue to add value to a rapidly changing marketplace to make digital access easier and more efficient.

Pierre COLLARD

Information Technologies Consultant

Categories: EVATECH