Building a Zero Trust Future: Key Considerations for Managing Networks, Users and Endpoints

10.29.2020 | Tanium

It all began back in 2009 with a sophisticated nation-state attack on Google servers. This spurred the first significant, sustained effort to build what Forrester described as a “Zero Trust” architecture. 

The same conclusions Google came to a decade ago are now being reached in organizations across the globe. Even the U.S. Department of Defense, for so long wedded to traditional computing paradigms, now realizes the legacy perimeter security model is no longer the best approach. Zero Trust has broken through.

Today, offerings such as Google’s BeyondCorp and Cloudflare are writing the next chapter in the Zero Trust story. And in partnership with Tanium, these innovators are helping create the technology foundation for Zero Trust, making it far easier for organizations to implement this new security paradigm.

Expanding your perimeter for distributed work

There was a time when a company’s mission-critical applications and data would reside on-premises in one or more data centers. Focusing security at the perimeter meant everything inside could be trusted and everything outside had to be authenticated for access. 

But Google realized this model had several shortcomings, especially once companies began using SaaS applications and employees began using their own mobile devices for work. 

How could the network provide security when large numbers of mobile devices and remote workers might be compromised outside the perimeter and then allowed back in? And what about new SaaS applications, cloud platforms and hybrid networks that operate outside your locked-down data center?

Ultimately, focusing only on perimeter protection means that attackers have few obstacles to surmount once they inevitably break inside.

Another complication: Traditional VPNs, which allowed remote workers to connect securely to resources inside the perimeter, have become a performance bottleneck for many companies, frustrating workers and reducing their productivity.

Today, cloud adoption is soaring, edge computing momentum is building, and work-from-home employees have become the new norm. IDC predicts that by 2022, over 90% of global enterprises will rely on a mix of on-premises, public clouds, and SaaS applications to support business agility. 

At the same time, the global cost of a data breach has risen to nearly $4 million. And increasingly stringent data protection laws have raised the stakes for effective cybersecurity. The good news is that Zero Trust models were designed with these trends in mind. 

The Zero Trust motto: Never trust, always verify

At its heart, Zero Trust is a simple idea: trust no user or device, and always verify. By combining “least privilege” access policy with multi-factor authentication (MFA) and micro-segmentation, organizations can maintain a more agile security model that is right for a cloud and mobile-first era. 

Discussion of Zero Trust often focuses on user authentication, which, indeed, is an important piece of the puzzle. But just as critical is the endpoint. After all, a user may be legitimate, but what about the device they’re using? Has it been compromised without their knowledge? 

Endpoint security is a growing concern in the context of mass remote employees working on personal devices. Organizations need to have confidence that these endpoints haven’t been hijacked due to poor IT hygiene. This is the value that Tanium’s Endpoint Identity offering brings to the Zero Trust discussion.

Security and simplicity for modern enterprises

Google took years to implement its own Zero Trust model. Today, organizations can implement Zero Trust models much more quickly and easily, thanks to key innovations. 

Google’s BeyondCorp and Cloudflare, for example, are helping make Zero Trust far easier to implement and govern. Combined with the Tanium platform, these technology leaders solve the challenges of Zero Trust management for both users and their devices. As part of these efforts, Tanium announced the integration of its Endpoint Identity into Cloudflare for Teams.

Tanium works in the background to continually monitor device health, checking whether each device is patched, secure, compliant and managed. When users authenticate to log on to a Zero Trust network, their endpoints are simultaneously checked by Tanium, so the whole process is seamless for the end user. 

Tight integration between the two products means that this evaluation occurs without any need to connect to Tanium’s administration layer. Cloudflare data centers in 200 cities ensure the whole process takes place in just 100ms for 99% of the world’s internet-connected population. Integration work between the two products takes only 10 minutes, and there’s no need for any additional endpoint agents.
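As an added illustration of the point above (example code, not Tanium's, Cloudflare's or BeyondCorp's), the following policy decision treats the user and the device as two separate checks, fails closed, and discards posture data that is too old; the application names, field names and the 15-minute staleness window are assumptions.

```python
# Added example: a minimal Zero Trust access decision that requires BOTH a verified
# user and a healthy, managed device. Field names and thresholds are assumptions.
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

POSTURE_MAX_AGE = timedelta(minutes=15)  # assumed: posture older than this is stale

@dataclass
class UserContext:
    username: str
    authenticated: bool
    mfa_passed: bool
    groups: frozenset

@dataclass
class DevicePosture:
    device_id: str
    managed: bool         # enrolled in endpoint management
    patched: bool         # no missing critical patches
    compliant: bool       # passes the configuration baseline
    checked_at: datetime  # when the posture was last evaluated (timezone-aware)

# Assumed least-privilege policy: which groups may reach each application, and
# whether the application is sensitive enough to demand a fully healthy device.
APP_POLICY = {
    "wiki":    {"groups": {"staff"},   "require_healthy_device": False},
    "payroll": {"groups": {"finance"}, "require_healthy_device": True},
}

def device_is_healthy(p: DevicePosture, now: datetime) -> bool:
    """A device counts as healthy only if its posture is fresh AND every check passed."""
    fresh = now - p.checked_at <= POSTURE_MAX_AGE
    return fresh and p.managed and p.patched and p.compliant

def decide(user: UserContext, device: DevicePosture, app: str, now: datetime) -> tuple:
    """Return (allowed, reason). Unknown apps and stale posture are denied (fail closed)."""
    policy = APP_POLICY.get(app)
    if policy is None:
        return False, "unknown application"
    if not (user.authenticated and user.mfa_passed):
        return False, "user not verified with MFA"
    if not (user.groups & policy["groups"]):
        return False, "least privilege: user not entitled to this application"
    if not device.managed:
        return False, "device is not managed"  # required even for low-risk apps
    if policy["require_healthy_device"] and not device_is_healthy(device, now):
        return False, "device posture missing, stale or non-compliant"
    return True, "user verified and device posture acceptable"
```

A legitimate, MFA-verified user on an unpatched or stale-posture device is still refused the sensitive application, which is the endpoint half of the user-plus-device check the text describes.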

Today, we’re entering a new era of Zero Trust. Organizations want a seamless security model attuned to the new reality of mass remote work, cloud services, and mobile communications. 

To stay secure, today’s distributed businesses need to easily monitor and control all activities across the network for both users and endpoints. Tanium and its partners deliver just that.


To learn more about how Tanium, Cloudflare and BeyondCorp can help you establish a best-in-class Zero Trust security practice, please contact us today!