Multi-Site Retail Network Security Starts with Zero Trust

The steady stream of new cloud-based applications and digital technologies pose challenges in safeguarding your retail locations from future cyberattacks.

Small retailers are particularly vulnerable to cyberthreats. According to the 2018 Verizon Data Breach Incident Report (DBIR), 58 percent of data breaches impact small businesses.

What is a Zero Trust Network?

Traditional network security has been configured to protect the perimeter. What’s been inside your network walls has been presumed to be trusted.

In a cloud-based environment with many connected IoT devices, network boundaries are more fluid. Left uninspected, more sophisticated threats have arisen to exploit vulnerabilities and attack your valuable business data. Segmentation, access controls, and multi-factor authentication are effective lines of defense to restrict access and reduce risk and potential damage.

These new challenges require different ways to manage network security and ensure PCI-compliance for multi-site retailers and restaurants.

Businesses who want to reliably prevent the exfiltration of sensitive data and improve their ability to defend against modern cyberthreats should consider a Zero Trust Network architecture. Developed by John Kindervag, states the Zero Trust is a powerful way to minimize risk.

Zero Trust “mandates that information security pros treat all network traffic as untrusted.”  A ZTN doesn’t mean that employees are untrustworthy. It means we can potentially avoid cybercrimes before they occur by recognizing these three ZTN core concepts:

1) There are no longer trusted and untrusted interfaces on our security devices

2) There are no longer trusted and untrusted networks

3) There are no longer trusted and untrusted users

Zero trust network security operates under the principle “never trust, always verify.”  

So what does ZTN architecture mean in practical terms?

Here are some of the key architectural elements whether you’re building a zero trust network or turning to a managed security services partner for support.

An integrated “segmentation gateway” as the nucleus of your network

A segmentation gateway like Acumera’s Merchant Gateway serves as the core for each site’s network. It’s both a stateful firewall (to distinguish legitimate packets for different types of connections) and an application platform that aggregates information from the network. A segmentation gateway also defines a global policy that outlines the principles, procedures, and guidelines to enforce, manage, monitor, and maintain security to protect against breaches.

PCI Compliance: A ZTN is especially useful in supporting PCI compliance which mandates that a firewall separate wired and wireless networks.

As Kindervag wrote: The firewall embedded in the fabric of the segmentation gateway ensures that wireless access points can’t be bridged directly to a core network switch, which is a significant problem in many enterprise networks and the issue that PCI compliance was designed to address.

Parallel, secure network segments

Each segmented zone within your network is its own microcore switch where each zone functions as a microperimeter. All the resources within a specific microcore share similar functionality and global policy attributes.

Centralized management of the switches and segmentation

Every component of your network can be managed centrally and embed security within a unified switching fabric.  Acumera advises that you employ an Unrestricted Device Policy. By default, all inbound and outbound traffic should be blacklisted, so the only communication possible from devices is what is explicitly allowed in the firewall policies.

A data acquisition network to gain complete network visibility

Your network should be able to aggregate information from every connection, device, and cable connected for monitoring and management from a remote monitoring tool like the AcuVigil™ Dashboard for complete network visibility

A Culture of Security and Support

The Zero Trust Network begins with the policies and controls to govern your employees and vendors who access your network.

It’s an excellent approach to assess vendors, their strategy, their existing products, and their future roadmaps. When selecting a qualified partner to manage your network, you need to make sure that they both embrace the principles of a ZTN and possess the resources and expertise to implement one successfully.

How Does Acumera Architect a Zero Trust Network?

Conclusion

With modern threats targeting cloud-based applications and IoT devices, perimeter security isn’t enough. Retail businesses need a network infrastructure that identifies activity that might have gotten past perimeter surveillance. Zero Trust Networks combine infrastructure with the policies and controls to protect your network and monitor activity within the perimeter.