The Year of Zero – Our predictions for 2021
While the world will continue to tangle with the COVID-19 pandemic, many believe the end is nearly in sight. 2021 will be the year when humanity will stop living in fear of the virus – will get vaccinated, will live life – albeit cautiously optimistic, but full of hope. Some industries that were badly hit due to the pandemic will, however, take years to recover, and some may not ever recover fully.
In the tech world though, we are likely to see a few developments. One of the things the pandemic made clear is that cloud businesses have an advantage. Cloud-based hardware and software businesses not only survived but actually thrived during the pandemic. And even after the pandemic passes, odds are many customers that made the digital transformation journey will not turn back. For them, the cloud is here to stay. And for all we know, their employees might continue to WFH for the foreseeable future.
The movement to SaaS applications and the phenomenon of people working from outside the office will bring along the following indirect impacts.
Traditional security models relied on what is commonly called perimeter protection. It dictated a multi-layer protection mechanism, guarding the data center like you guarded a medieval fort. Typical layers included an external firewall, a DMZ, an internal firewall, intrusion prevention systems, etc. This is also called the defense-in-depth approach and has been espoused by cybersecurity software companies over the last couple of decades.
Basically, the idea was if you were coming in from outside the firewall, you were not trusted. But if you were inside, then you were automatically considered trusted.
With employees working from home, that model is rapidly devolving, as the perimeter is almost non-existent, or is at least starting to get fuzzy. Perimeter security might have made sense in the old days when the action was inside the building or in a closed network. With workloads in SaaS, and your employees working from everywhere, where’s the perimeter, really?
The traditional perimeter protection model is instead giving way to a new paradigm that some of you may have heard referred to as Zero Trust. In this model, you get to define smaller entities you want to protect, for example a server, a SaaS workload, a printer, or a device. This mechanism is called micro-segmentation and it significantly reduces the attack surface for a potential attacker. Rather than defending one large “attack surface” as before, you now defend many smaller “protect surfaces”. It also allows you more granular control over who gets access to what.
Zero Trust boils down to 3 key principles:
- Verify explicitly – Identity is the foundation for zero trust. You don’t want disparate authentication mechanisms; you want a single centralized source of truth that everybody uses: a single namespace and a single authentication scheme (Azure AD is a popular one nowadays, or Okta). And you are authenticated no matter where you come from, from inside the perimeter or from outside.
- Principle of Least Privilege – This leverages the micro-segmentation we talked about earlier. The idea is to grant access only when needed, only for as long as needed, and only for the specific task and role at hand.
- Assume breach – With Zero Trust, you treat every attempt to authenticate as a potential intrusion and you validate access no matter who is asking or how small the stakes. Two-factor authentication (or multi-factor authentication) is a critical component of this. Think Azure AD, Google, Okta.
Starting in 2021, you’re likely to see Zero Trust move from being an interesting concept to becoming ubiquitous and taking center stage.
Zero Knowledge Privacy
Invariably, as solutions get deployed using the cloud as a storage medium, organizations need to worry not only about how secure the data is, but also about ensuring that they are on a defensible platform with respect to privacy from a regulatory compliance standpoint. Many SaaS solutions can claim to be secure, but precious few can really claim to provide privacy. The reason is that while they all use encryption to protect backed-up data, in most cases they also choose to retain the ability to decrypt the data when it suits them. While this may not matter in the consumer industry, where individuals may be willing to trade privacy for convenience, businesses have a harder time with this due to the liabilities they face under regulations.
The key to delivering privacy is to understand a concept called the separation of duties, or segregation of duties. Encryption can provide security, but without a strict segregation of duties it is as good as no privacy at all, or weak privacy at best.
When segregation of duties is unclear or doesn’t exist, there is an implied loss of data privacy, which in turn leaves the organization in a less defensible position with respect to regulatory compliance.
Let us examine segregation of duties in a bit more detail with a real world example. It is interesting that I can use a real world example, because in the real world, as a society, we have surmounted this problem already.
The best analogy is a safe deposit box in a bank. You may use the bank’s premises to keep valuable belongings, just like you may use the cloud to store valuable business data.
But when you rent a safe deposit box, you also have the option to lock it and bring a key back with you – thus preventing unauthorized access. So, you trust the bank to be secure, but you take it upon yourself to ensure privacy by retaining the key to your safe deposit box.
In the digital world, most SaaS solutions do ensure security, but can’t really ensure privacy. Remedying this involves giving the customer the ability to control and change their encryption keys at any point in time. This simple concept is called Zero Knowledge Privacy, meaning that the customer can trust that their data is private without either the SaaS vendor or the cloud provider being able to read it. The customer alone is the sole party with the ability to decrypt and recover their data.
Strong encryption with a clear separation of duties leaves the organization in a much safer and more defensible position from a regulatory standpoint.
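As an added illustration (example code written for this page, not Parablu's own implementation), here is the safe-deposit-box model in Ruby using only the standard library's OpenSSL binding: the customer encrypts each object under a fresh data key (DEK), wraps that DEK under a key-encryption key (KEK) that only the customer holds, and hands the vendor nothing but the ciphertext and the wrapped DEK. Changing keys rewraps the DEK without touching the ciphertext the vendor stores, so the vendor never needs, and never gets, the ability to decrypt. All function names and the sample data are constructed for this example.

```ruby
require 'openssl'
require 'securerandom'

# Blob is all the SaaS vendor stores: the object ciphertext plus the per-object
# data key (DEK) wrapped under the customer's key-encryption key (KEK).
# The KEK and the bare DEK never leave the customer's side.
Blob = Struct.new(:ciphertext, :wrapped_dek)

# AES-256-GCM seal: returns nonce (12 B) || tag (16 B) || ciphertext.
def seal(key, plaintext)
  c = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  c.key = key
  nonce = c.random_iv
  ct = (plaintext.empty? ? ''.b : c.update(plaintext)) + c.final # update rejects ''
  nonce + c.auth_tag + ct
end

# Reverses seal; returns nil on a wrong key or tampered data instead of raising.
def open_sealed(key, sealed)
  return nil if sealed.bytesize < 28
  nonce, tag, ct = sealed.byteslice(0, 12), sealed.byteslice(12, 16), sealed.byteslice(28..)
  c = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  c.key = key
  c.iv = nonce
  c.auth_tag = tag
  (ct.empty? ? ''.b : c.update(ct)) + c.final
rescue OpenSSL::Cipher::CipherError
  nil
end

# Customer side: a fresh DEK per object, wrapped under the customer's KEK.
def encrypt_for_upload(kek, data)
  dek = SecureRandom.random_bytes(32)
  Blob.new(seal(dek, data), seal(kek, dek))
end

# Customer side: unwrap the DEK with the KEK, then decrypt the object.
def decrypt_download(kek, blob)
  dek = open_sealed(kek, blob.wrapped_dek)
  dek && open_sealed(dek, blob.ciphertext)
end

# Key change: only the wrapped DEK is rewritten; the vendor-held ciphertext
# is untouched, and the old KEK no longer opens anything.
def rotate_kek(old_kek, new_kek, blob)
  dek = open_sealed(old_kek, blob.wrapped_dek)
  dek && Blob.new(blob.ciphertext, seal(new_kek, dek))
end
```

Anyone holding only the Blob, whether the SaaS vendor or the cloud provider underneath it, gets nil from every decryption attempt, which is the property the safe-deposit-box analogy describes.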
With increased digital transformation in 2021 and more adoption of SaaS solutions, Zero Knowledge Privacy will become a higher priority in customers’ minds.
The third big driver in 2021 will be cost savings. The current year hasn’t been kind to many businesses and almost everybody is working with shrunken budgets. Ways to save on cloud costs will be a critical factor in who wins and loses in the coming year. Cloud compute, cloud storage and network bandwidth are what make SaaS applications tick, and these are the key resources for which customers write checks month after month. Innovative solutions that can leverage the scale the cloud affords and use it in clever ways to reduce customer costs are more likely to win.
At Parablu we have striven all year to be ready for the Year of Zero. Our solutions are Zero Trust ready and we take pride in our Zero-Knowledge Privacy based philosophy and solutions. And our IP-protected solutions are geared towards reducing your storage investments to ZERO, especially if you are a Microsoft M365 user or a Google G-Suite user.
We look forward to seeing you in the Year of Zero. Get in touch with us to learn more – firstname.lastname@example.org. Best wishes for a great 2021!