Zero Trust: 3 questions for ... Endian
Location-independent security
Zero Trust is becoming increasingly popular in production environments. Endian CEO Raphael Vallazza explains what should be considered when implementing Zero Trust in OT environments.
Raphael Vallazza is the founder and CEO of security specialist Endian.
What consequences does the Zero Trust approach have for the architecture and organization of network security?
Vallazza: The Zero Trust approach is not based on locations, but on identities, authorization and secure authentication of users and machines - for every single access. The structure of the networks must be based on these parameters.
What special challenges does Zero Trust pose for OT environments in particular?
Vallazza: The segments of OT environments are often very large, so you have to develop a suitable strategy for micro-segmentation, ideally at the level of the production line or even the individual machine.
It is also important to train personnel such as service technicians and introduce them to the Zero Trust architecture. To achieve this goal, it is particularly helpful if the solution introduced is easy to use. Staff acceptance increases significantly with user-friendliness. In combination with suitable remote maintenance tools, which also increase productivity, a win-win situation is created: the infrastructure is secured and efficiency is increased.
What should companies bear in mind when implementing a Zero Trust architecture?
Vallazza: The following things play a role in Zero Trust: central management, two-factor authentication, activity monitoring and a secure data flow as well as NAC, i.e. Network Access Control.
The prerequisite for implementing a Zero Trust strategy is fast and centralized management of all end devices, users and connections. For example, granular access rights must be set up for each employee. This means that all employees only receive the authorizations required to perform their tasks.
Other rules can be helpful in preventing unauthorized access to machines and systems. For example, companies can specify that a technician can access the network from their home office or at the location of the customers they support, but not from a country where the company has no branch or customers. This aspect has become even more important due to the pandemic and the increase in remote working.
With two-factor authentication, another factor is required in addition to the user name and password in order to access a system. The 'possession' factor is the most widespread and means that the user must have a specific device, for example a smartphone, to which a time-limited password is sent.
Internal perpetrator attacks also pose a major threat to companies. By logging all log files, it is possible to identify who accessed which resources when and what activities were carried out there. By integrating an intrusion detection system, irregularities in the network can be detected quickly.
VPN access also plays an important role in the Zero Trust concept. VPN (Virtual Private Network) encrypts the data and thus ensures that it cannot be stolen or altered.
Network access controls can also be used to enforce compliance and thus guarantee the security of the endpoints that connect to the network. This means that only endpoints that meet certain requirements can connect, for example an updated operating system, antivirus with up-to-date signatures, etc.
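The checks named in this answer (per-employee grants, a location rule, a second factor, endpoint compliance and a log entry for each access) can be combined into one deny-by-default decision that is evaluated on every access. The Python code below is an added example, not part of the interview and not Endian's product; the user, machine names, country lists and the 7-day signature threshold are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date

# All users, machines, countries and thresholds here are constructed assumptions.
MAX_SIGNATURE_AGE_DAYS = 7
# Least privilege: each user is granted only the individual machines the job needs.
GRANTS = {"tech.anna": {"line1/press-03", "line1/robot-07"}}
# Location rule: home-office country plus the countries of supported customers.
ALLOWED_COUNTRIES = {"tech.anna": {"IT", "DE", "AT"}}

@dataclass(frozen=True)
class Request:
    user: str
    target: str               # individual machine, i.e. the micro-segment
    country: str              # country code of the connection's origin
    mfa_passed: bool          # second factor verified for this session
    os_patched: bool          # endpoint compliance: operating system updated
    av_signature_date: date   # endpoint compliance: antivirus signature date

def decide(req, today):
    """Return (allowed, reasons). Unknown users and targets are denied by default."""
    reasons = []
    if req.target not in GRANTS.get(req.user, set()):
        reasons.append("no grant for target")
    if req.country not in ALLOWED_COUNTRIES.get(req.user, set()):
        reasons.append("country not allowed")
    if not req.mfa_passed:
        reasons.append("second factor missing")
    if not req.os_patched:
        reasons.append("os not updated")
    if (today - req.av_signature_date).days > MAX_SIGNATURE_AGE_DAYS:
        reasons.append("av signatures outdated")
    return (not reasons, reasons)

def audit_line(req, today):
    """One log record per access attempt: who, which resource, from where, outcome."""
    allowed, reasons = decide(req, today)
    verdict = "ALLOW" if allowed else "DENY"
    return (f"{today.isoformat()} {verdict} user={req.user} target={req.target} "
            f"country={req.country} reasons={','.join(reasons) or '-'}")
```

All checks run even after the first failure, so the audit record lists every reason an access was refused.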










