UPDATED 13:30 EST / MARCH 08 2019

Q&A: When the walls of perimeter security crumble, zero-trust architecture provides usage-based solutions

With the increasing popularity of multicloud solutions, organizations have, for the most part, acknowledged that the traditional perimeter approach can no longer be trusted to keep their information secure. Whether security breaches occur in-house or from outside bad actors, companies seek to implement security that is flexible and cloud-friendly.

One recent strategy is zero trust, a model based on the assumption that attackers will breach security; it’s only a matter of when. Therefore, no user is trusted until their permissions to access certain data can be 100-percent verified.

Dr. Chase Cunningham (pictured), principal analyst servicing security and risk professionals at Forrester Research Inc., spoke with Jeff Frick (@JeffFrick), host of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, during the RSA Conference in San Francisco. They discussed zero-trust strategies, as well as the benefits of micro-segmentation. (* Disclosure below.)

[Editor’s note: The following answers have been condensed for clarity.]

How are you adjusting the zero-trust game based on new complexities of hybrid cloud? If we were to try and fix this from the start, where would we start?

Cunningham: We’d obviously start … with users followed closely by devices, because if we can take care of those two pieces, we can actually gain some ground and work our way going forward. If you’ve heard a lot of the stuff around micro-segmentation, our approach to micro-segmentation means micro-segment everything. We mean users, accounts, devices, IoT, OT, wired, unwired — whatever it is, if you can apply control to it and you can segment it away to gain ground, segment it.

When you think about micro-segmentation architectures, how are you creating buckets? What are your logical buckets that you’re putting things in?

Cunningham: It should be based on the function that you’re trying to allow to occur. If you look at the way we architected networks for the last 20-something years, it’s been around ‘use writ-large.’ What we’re talking about [with] micro-segmentation is, if I’m micro-segmenting devices, those devices should live in a micro-segment where devices do device stuff. If you can keep control of that, you can see what’s coming and leaving. Users should be segmented that way; networks, all of it, should be built around function rather than interoperability. Interoperability is a result of good micro-segmentation, not the other way around.

Right, [and so] applying the fixes at all different points in the spectrum, as opposed to just trying to create that big giant wall and a moat?

Cunningham: [Yes], the perimeter model has categorically failed. Everyone around here seems to understand that [it’s] a reality; and we’re not saying you shouldn’t have your defenses up, but your defenses should be much more granular and much more focused on the realities of what enables the business.

What are you working on as you go forward this calendar year?

Cunningham: It’s mostly … on this adoption of zero trust across the industry and really getting people to understand that this is something that can be done. So we have write-ups going on customers that have deployed zero-trust solutions and how they did it, why they did it, where they got benefit from, where they’re going with it, because we remind people all the time that this is a journey. This is not something I wake up in the morning, build a zero trust network, and walk away. This is multi-year in some cases.

(* Disclosure: Forescout Technologies Inc. sponsors theCUBE’s coverage of the RSA Conference. Neither Forescout nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)
