UPDATED 16:30 EDT / DECEMBER 08 2020

SECURITY

Deloitte takes a zero-trust approach to securing the increasingly ubiquitous enterprise environment

Zero trust has risen to the forefront of discussions around security and gained significant attention at a time when dramatic shifts are taking place in modern enterprise environments. Business models are evolving, and organizations are increasingly pushing to the cloud and expanding their reliance on third and fourth parties to support critical business operations. In addition, most employees are working from home due to COVID-19, which makes connectivity especially critical while the IT landscape grows in complexity with a plethora of unmanaged devices.

These dynamics are driving organizations to think about securing their enterprises in a more modern way, according to Andrew Rafla (pictured, left), principal and zero-trust offering lead at Deloitte & Touche LLP.

“There is no longer a clearly defined perimeter where everything on the outside is inherently considered untrusted and everything on the inside could be considered inherently trusted,” he added.

Rafla and Ravi Dhaval (pictured, right), national cloud cyber risk leader at Deloitte & Touche, spoke with Jeff Frick, host of theCUBE, SiliconANGLE Media’s livestreaming studio, during AWS re:Invent. They discussed Deloitte’s approach to Zero Trust, use cases and partnership with AWS, as well as best practices for implementing zero trust within the enterprise. (* Disclosure below.)

Cloud native services help identify and auto-remediate misconfigurations

Today, the cloud has the ability to impact device and edge security using cloud data services, according to Dhaval. “That continues to grow and is one of the key reasons we’re seeing accelerated growth and adoption of IoT devices in particular,” he said.

Zero trust is a conceptual framework that helps organizations deal with the ubiquitous nature of modern enterprise environments, Rafla explained. “At its core, zero trust commits to a risk-based approach to enforcing the concept of least privilege across five key pillars, or a framework, of users, workloads, data, networks and devices,” he stated. 

One use case that Deloitte has developed an offering around is the identification and auto-remediation of cloud security misconfigurations using cloud-native services. The offering, Deloitte Fortress, covers major cloud service providers.

A key benefit of Deloitte Fortress is that it offers a dashboard providing visibility into the top violations occurring within the ecosystem. “That kind of view is informing the upfront processes of developing security infrastructure as code and then also correcting the security guardrails that might have drifted over time,” Dhaval said.

For AWS specifically, Deloitte designed an event-driven architecture leveraging AWS Config, Amazon CloudWatch, Amazon EventBridge, and AWS Lambda. It includes a library of rules and automated actions that are triggered by events coming from Config and CloudWatch. The benefit to customers using this native automated remediation has been the ease of implementation and ongoing maintenance and enhancement of security posture with minimal effort, according to Dhaval. 
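The event-driven pattern described above, sketched as an added example (not Deloitte Fortress code): a Lambda-style handler receives an AWS Config compliance-change event from EventBridge, looks the rule up in a small rule library, and returns the remediation call it would make. The two rule names, the mapping to actions, and the sample event values are assumptions chosen for illustration; the handler plans the call rather than executing it so it runs offline.

```python
# Added illustration; not Deloitte Fortress code. Rule names and actions are assumptions.
S3_BLOCK_ALL = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
                "BlockPublicPolicy": True, "RestrictPublicBuckets": True}
SSH_FROM_ANYWHERE = [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                      "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]

def plan_s3_block(detail):
    """Plan the S3 call that enables every Block Public Access setting."""
    return {"service": "s3", "operation": "put_public_access_block",
            "params": {"Bucket": detail["resourceId"],
                       "PublicAccessBlockConfiguration": S3_BLOCK_ALL}}

def plan_revoke_ssh(detail):
    """Plan the EC2 call that removes world-open SSH ingress from the group."""
    return {"service": "ec2", "operation": "revoke_security_group_ingress",
            "params": {"GroupId": detail["resourceId"],
                       "IpPermissions": SSH_FROM_ANYWHERE}}

# Rule library: Config rule name -> (resource type it applies to, planner).
RULE_LIBRARY = {
    "s3-bucket-public-read-prohibited": ("AWS::S3::Bucket", plan_s3_block),
    "restricted-ssh": ("AWS::EC2::SecurityGroup", plan_revoke_ssh),
}

def handler(event, context=None):
    """Lambda-style entry point; returns a decision instead of calling AWS."""
    detail = event.get("detail", {})
    if (event.get("source") != "aws.config"
            or event.get("detail-type") != "Config Rules Compliance Change"):
        return {"status": "ignored", "reason": "not a Config compliance event"}
    result = detail.get("newEvaluationResult", {})
    if result.get("complianceType") != "NON_COMPLIANT":
        return {"status": "ignored", "reason": "resource is not non-compliant"}
    entry = RULE_LIBRARY.get(detail.get("configRuleName"))
    if entry is None:
        return {"status": "manual_review", "reason": "no automated action for rule"}
    expected_type, planner = entry
    if detail.get("resourceType") != expected_type or not detail.get("resourceId"):
        return {"status": "manual_review", "reason": "unexpected resource for rule"}
    return {"status": "planned", "action": planner(detail)}

# Constructed sample event in the shape EventBridge delivers for AWS Config.
SAMPLE_EVENT = {
    "source": "aws.config", "detail-type": "Config Rules Compliance Change",
    "detail": {"configRuleName": "restricted-ssh", "resourceId": "sg-0example",
               "resourceType": "AWS::EC2::SecurityGroup",
               "newEvaluationResult": {"complianceType": "NON_COMPLIANT"}},
}
```

Rules without a library entry, or events whose resource type does not match the rule, fall through to manual review rather than triggering a change.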

Tips for enhancing efficiency along the zero-trust journey

When embarking on the zero-trust journey, Rafla advises organizations to align first and foremost with business objectives.

“Aligning to those guiding principles from the start will ultimately help drive consensus across various stakeholder groups within the organization and build trust in the initiative,” he explained. 

Rafla also recommends understanding the criticality of the organization’s data and how it should be classified and tagged so that policy decisions can be enforced within the control stack. 

A final point that Rafla makes is to use technologies that integrate with each other.

“Take an API-driven approach so that you have the ability to integrate some of these heterogeneous security controls and drive some level of automation and orchestration in order to enhance your efficiency along the journey,” he concluded.

Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s coverage of AWS re:Invent. (* Disclosure: Deloitte Consulting LLP sponsored this segment of theCUBE. Neither Deloitte nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE
