East/West Is the New North/South

In today’s connected world, your biggest security holes may be within your own applications and APIs. Discover how implementing Cloudentity’s context-aware Zero Trust platform provides maximum protection, is easy to implement, and enables you to adopt this best-practice security model with confidence. 

The data center, whether on-premises, in the cloud, or as a hybrid mix of both, is a network of computing and storage resources that enable the delivery of shared applications and data critical to the survival of your business. For that reason, protecting the data center from cyber-threats is of paramount importance to every enterprise. 

Secure Your Data Flow from Bad Actors 

Data center protection begins with securing network traffic, a common entry point for bad actors. At its simplest, network traffic is the movement of data across a network performed by components (application server, database, etc.) inside a data center to fulfill a request for content by a client (a user or another server). When we talk about network traffic, whether that data flows inside your network or outside of your network, it is the data flow that matters.   

Data center network traffic moves in two directions: North/South and East/West. North/South refers to traffic flowing into (south) and out of (north) the data center. East/West traffic, also known as lateral traffic, is the traffic from one server to another inside your network.

Historically, organizations focused on perimeter protection to secure against North/South network traffic. By default, external North/South traffic was deemed untrustworthy. For internal East/West traffic, organizations used the “trust but verify” model. 

What is the Zero Trust Security Model? 

In 2009, John Kindervag,[i] a former Forrester analyst, introduced the Zero Trust security model. The Zero Trust security model is based on the premise that neither North/South nor East/West traffic can be trusted. While the Zero Trust model was applauded as an ideal security concept, many CIOs feared that the complexity of implementing it would outweigh the benefits. However, with East/West network traffic growing exponentially due to application modernization, and as alarming new statistics for insider threats continue to surface, East/West has become the new North/South. Finding an easy way to implement Zero Trust is now a critical strategy for most CIOs and CSOs.

Just the Stats 

The size, frequency and cost of East/West threats are steadily increasing: 

  • 66% of organizations consider malicious insider attacks or accidental breaches more likely than external attacks 
  • Over the last two years, the number of insider incidents has increased by 47% 
  • The cost of insider threats (related to credential theft) for organizations in 2020 is $2.79 million 
  • Insider threat stats reveal that more than 70% of attacks are not reported externally 
  • The percentage of insider incidents perpetrated by trusted business partners has typically ranged between 15% and 25% [ii]

Modernization Drives New Security Needs  

If you are like most enterprises today, you are actively replacing monolithic, inflexible applications with many smaller, nimbler microservices. Each microservice is essentially a micro-application that needs to communicate with other micro-applications. Your data center is now more complex so that it can flex and grow as your company grows. It is no longer a set of on-premises servers in the same physical location. It is spread out across multiple data centers, the edge, and private and public clouds.

Your company’s application modernization and digital transformation efforts, while necessary to make your business more agile and competitive in your market, exponentially increase the amount and complexity of lateral (East/West) application-to-application traffic inside your data center. The unfortunate by-product of progress is more opportunities for insider attacks and accidental breaches. 

How the Cloudentity Context-Aware Zero Trust Model Works 

It is more important now than ever to deploy a Zero Trust security model to monitor and dynamically evaluate East/West traffic at the transaction level to safeguard internal systems from compromise. 

“ZT is rapidly becoming the security model of choice for enterprises and governments alike. However, security leaders often don’t know where to begin to implement it, or they feel daunted by the fundamental shifts in strategy and architecture. However, ZT doesn’t require that you rip out all your current security controls to start fresh, and with the right approach, you can realize benefits right away.” Chase Cunningham, Principal Analyst, Forrester [iii]

With our Cloudentity context-aware platform, each microservice in your application landscape has its own Cloudentity MicroPerimeter™ container with its own security rules. This allows the Cloudentity Management service to dynamically evaluate traffic at the source.

Dynamic authorization with Cloudentity MicroPerimeter™ can take less than a millisecond, meaning that this model can save you thousands of milliseconds compared to sending traffic on a long North/South road trip for authorization. Ultimately this leads to massive savings in hardware, compute, network capacity, and scaled systems, while delivering much lower latency for a frictionless customer experience. 

If we stop making any distinction between East/West and North/South traffic, then no traffic is trusted and all traffic is evaluated. In a true Zero Trust world powered by Cloudentity’s Zero Trust dynamic authorization platform, there is no directionality – just secure services for as far as the eye can see.  
