Zero-Trust security. Switch from a perimeter-based (firewall and VPN) model of access to a user-to-resource model.
Implement strong, simple identity: identity for a person, and also for a system. Decouple the identity from the corporation: tie it to the user as a single identity.
Enforce entitlements and authorisation in the network.
This micro-segmentation is simpler to use, more accessible and more secure. It reduces lateral traversal, empowers users and increases audit capability. It is also more economical and more scalable. Everybody wins.
The core of any Zero Trust Network Architecture is identity: the identity of a person and the identity of a resource. Users are commonly identified via OpenID Connect and SAML. Resources are commonly identified by client certificates.
Zero-Trust Network Architecture
Zero-Trust Network architecture has evolved over the years. The constant theme is the change from a perimeter-based (firewall+VPN) security stance to a user+resource stance.
Zero Trust Security has a set of foundational standards that are shared with other technologies. These relate to cryptography, security and identity.
Complex technologies can be difficult to configure. Learn from the accumulated best practices of others.