This is the third and final part in a series on zero confidence and microsegmentation. Make sure to check parts 1 and 2.
The customer relationship used to be circular – you market your products to customers, they buy products, your business provides customer service as needed, and then you market additional products to continue the cycle. Your business generally operated separately from other businesses, especially competitors. Your organization may have partnered with another at times, but this was usually in name only or putting together the offerings at the end. For many businesses, the solution to collaborating securely with other businesses is zero trust using microsegmentation.
In the first two articles in our series on microsegmentation, we focused on using this strategy as part of a zero trust approach with internal partnerships and suppliers. In this article, we’ll look at how to use microsegmentation to work more securely with customers and partners.
Zero Trust: a tool for teamwork
Today, working in isolation just doesn’t work. From open source development to customer-generated content, companies now work in a much more collaborative way. Companies that try to operate on their own, separate from customers and other businesses, severely limit their growth and opportunities. With digital transformation, businesses now have the platforms and processes to enable more teamwork throughout the process.
Businesses can also focus on work with clients to co-create success, PwC discovered. The focus of their research was on the world after the pandemic and creating new value for your business. The message will remain relevant long after the pandemic is over. As this type of teamwork gained traction before 2020, pandemic restrictions have accelerated digital adoption. Additionally, companies that had previously shared files or performed in-person content reviews needed to create new “places” to work.
Collaboration through zero trust and microsegmentation
Creating this type of environment between businesses requires at least some form of digital access. Gone are the days of giving customers who visit your office a simple wireless guest option. Now, organizations need to ensure that their collaborative efforts don’t compromise data or create openings for threat actors. Even though your customers and partners are unlikely to be malicious, every user and device with access to your system creates a new endpoint to secure.
Using the same principle as that used for suppliers, you can create a microsegmentation so that customers and partners only access what they have a business reason to access. You then configure your network landscape with a zero-trust security approach. This verifies every device and user, assuming that no user or device is trustworthy until verified.
Understand the business needs of customers and partners
Since the lifeblood of microsegmentation is business need, you need to review the role of the person and determine exactly how much access they need to accomplish their project-related tasks. Instead of just thinking about the sections of the network, which is the model for the perimeter security mindset, start by looking at workflow and processes. Think about the systems and applications that each person needs to access.
Consider using project management or collaboration software for the project to improve communication and workflow. These tools also help limit access while creating the teamwork mindset you need to be successful in business today. However, it is not enough to simply use these types of tools and provide access to the partner or customer. You need to use this and microsegmentation together, as part of an overall zero-confidence approach.
Microsegmentation and Zero Trust as Standard Practice
Throughout this series we have discussed how microsegmentation fits into zero confidence as well as how to go through the process of choosing which microsegmentation to use. While the approach may seem overwhelming and cumbersome at first, your team will quickly get used to the new process and new mindset. Approach all access decisions from a least privileged access point and business needs mindset. This way, your team can work securely with other high-value professionals, including vendors, partners, and customers.