HPE Ezmeral: Uncut
EzmeralExperts

Get grounded in Zero Trust Data Security with Ezmeral Learn On Demand

HPE-Ezmeral-Security-Threats-FreeCourse.jpgEmbark on the Zero Trust Data Security learning path, where HPE Ezmeral Learn On Demand has launched the new, free course, Emerging Threats & Zero Trust Architecture.. This is the first course in a planned series on the hot topic of data security.

Why take this course?

It’s free and available on demand. You can enroll, sample, begin a course, and return where you left off. Learn at your own pace and in your own way (even do it on your phone)!

But more importantly, the course unravels the many confusing, indistinct, and scary terms and events you have been reading about in the emerging threat data security landscape. The lessons then knit it all back together in a clear and straightforward manner, with the result being a solid overview of current data security challenges. The following topics are covered:

HPE-Ezmeral-Emerging-Threats-Courses.png

  • Emerging threats: The basics
  • Threats to on premises, hybrid, or cloud businesses
  • Meeting threats with Zero Trust

Emerging threats: the basics

Data security is an all-encompassing term that covers many different fields across a vast technical landscape (some of which are shown in Figure 1). You’ve probably heard of many of these industry areas: security operations & architecture, threat intelligence, governance & compliance, and risk assessment.

Within each of these fields, many other specific aspects are included--like incident response, containment, recovery, training, or corporate education and user awareness.

Figure 1. Some of the many fields of data securityFigure 1. Some of the many fields of data securityThe pace and technological advances of these various security threats require aggressive monitoring and active mitigation by all organizations involved with securing data. This course discusses three main areas where data 

security shortfalls are having devastating impacts: failure to meet regulatory compliance, revenue loss, and emerging cyber threats.

The course also reviews the four basic pillars of data security – secrets, authentication, authorization, and attestation – and provides the basic grounding in current security access processes in use today.

On-prem, hybrid cloud

Next you will learn (via some use cases in the communications, technology, finance, and healthcare industries) a handful of the technical challenges unique to each industry vertical.

For example, businesses operating in the financial sector must incorporate the services and data of a variety of different companies (to gather commercial lending rates, retail banking accounts and services, real-time stock data, and so on). Each of these subsidiaries or separate businesses have their own IT infrastructures and compliance regulations. Each business might be functioning with different operating systems and platforms, with applications built in different languages, making it even tougher to guarantee secure, integrated access, and data transfers. Their security solution must be platform agnostic and capable of interfacing services between a combination of cloud, hybrid, and on-prem compute resources.

For instance, one bank may have balance information stored in a legacy on-prem database with secure client access being provided on cloud applications. This information also needs to be securely accessed and shared behind the scenes with other financial institutions in order to clear transactions, such as in the transferring of funds.

Incorporating all these data sources together, while ensuring regulation compliance laws and security authentication procedures are met, is non-trivial and is but one area of potential security-flaw exploitation.

Adoption of Zero Trust Architectures and DevOps

New and innovative ways to protect data and applications are constantly being developed. Organizations are required to handle increasing operational complexities within their business.

Figure 2. Security DevOps allows organizations to be proactive in protecting against vulnerabilities.Figure 2. Security DevOps allows organizations to be proactive in protecting against vulnerabilities.Over the past few years, this has driven the expansion of the DevOps role. As IT infrastructures get more complex, developers now include security considerations much earlier in the process of application development – it’s getting planned for and baked in. The security-focused DevOps structure allows teams to be proactive to protect against vulnerabilities instead of detecting the breaches after the fact (Figure 2).

As networks grow ever more complex with the addition of cloud-based infrastructures and services, software-as-a-service applications, containers, mobile workers, and more, perimeter-based security approaches are declining (Figure 3).Figure 3. Perimeter-based network security approaches are on the decline.Figure 3. Perimeter-based network security approaches are on the decline.

The number of systems now requiring protection has increased so significantly that building and maintaining these types of perimeters have become unmanageable. Existing tools like VPN, firewalls, and network-based security tools are simply no longer enough.

Many companies are now moving towards a Zero Trust Architecture (ZTA). This is a term that has been increasingly used in the industry and can have a few different interpretations.

Generally, a Zero Trust network is defined as an evolving set of security paradigms that are moving away from the static, perimeter-based defenses we’ve just discussed. These architectures focus more on protecting resources, services, and users directly, instead of network segments with known locations.

Zero Trust assumes that the “bad guys” are everywhere, so organizations do not automatically trust anything inside or outside their perimeters. The default assumption is that everything should be denied access, no matter its origin, until it has been verified.

A ZTA will often use cryptographic identities to authenticate resources, including every system or user, and it enables universal enforcement of this across hybrid infrastructures, including varying platform or cloud services.

In the hybrid infrastructure world, companies are searching for a Zero Trust Architecture they can implement and reliably support.

SPIFFE and SPIRE provide such a solution, eliminating the need for perimeters and secrets by keeping distributed systems secure and solving the challenges organizations now face. Take the new, free course: Emerging Threats & Zero Trust Architecture today, and stay tuned to Ezmeral Learn On Demand, as a course on the specifics of SPIFFE – SPIRE security solutions is coming soon! Questions? Leave a comment below or contact us.

About the author:

SuzanneFerry.PNG

Suzanne Ferry is the Director of Digital Learning for the HPE Ezmeral software business unit. This team creates free, on-demand courses covering timely topics such as Zero Trust Data Security, AI/ML, Data Fabric, and others.  

 

 

Hewlett Packard Enterprise

HPE Ezmeral on LinkedIn | @HPE_Ezmeral on Twitter

@HPE_DevCom on Twitter 

About the Author

EzmeralExperts