Why Zero Trust Needs Automation

Enterprises should consider using automation and AI to scale the Zero Trust framework.

By Herb Kelsey, Industry CTO – Government, Dell Technologies 

If you were to have a conversation with a hacker, they would tell you that AI will exponentially increase data breaches in the next several years. And yet, only about 4 in 10 organizational leaders can say with utmost confidence that security is embedded into their technology and applications, according to the Dell Innovation Index. Although cybercriminals are rapidly gaining access to technology that will allow them to scale their shady operations to unprecedented levels, that same technology can be used to counter their efforts when combined with a comprehensive and adaptable security framework: Zero Trust.

I have written about the many powerful advantages of Zero Trust. At Dell Technologies World 2023, I discussed how securing the perimeter is much more complicated in a world in which multicloud, hybrid environments, IoT and artificial intelligence/machine learning (AI/ML) at the edge are an increasing part of business operations.

Because Zero Trust prioritizes securing applications and data, along with network topology, it’s made for this new complex world and the way we conduct computing today.

Zero Trust and AI in cybersecurity

From Dell’s Innovation Index, 2023

Today’s cyber attackers use automation at a high rate. On the other side of the fence, however, the use of automation in enterprise cybersecurity is piecemeal at best, and it takes far too long for an organization’s security policy enforcement to kick in. Manual steps in the response process (for example, a detected breach may have to be reported to higher-ups before action is taken) delay the response. When an adversary needs only seconds to gain a foothold in an enterprise network, such delays are costly.

The Zero Trust framework, through its use of automation and orchestration augmented with AI/ML, can help resolve this time lag and improve enterprise response time to breaches.

One of the core principles of Zero Trust is to use AI to respond to adversarial attacks more quickly and to do so within an appropriate policy framework. This allows teams to detect and respond to cyberattacks faster and defend against adversaries with better tools.

Telemetry data from the users, devices and applications of a given environment can form the training dataset for machine learning models that detect anomalous patterns and respond quickly. AI can also help alleviate the talent shortage in the field and help junior employees, usually those who report for the third shift at night, make smarter and faster decisions. A note of caution: Enterprises that use AI must pay careful attention to the foundational training models to ensure they are scrubbed free of bias. Enterprises can also use automation to handle the routine implementation of policies.

How to incorporate automation into Zero Trust

The Seven Pillars of Zero Trust, from the DoD

If AI and ZT can make enterprise cybersecurity more responsive, what exactly does it take for Zero Trust to be done right?

First, here’s what I would advise not to do: Don’t try to retrofit Zero Trust into existing environments. Zero Trust environments are built to be dynamic and driven by policy enforcement, while existing infrastructure environments are usually governed by static, hardwired policies that have not changed since the enterprise first built them. So, shoehorning Zero Trust into existing infrastructure environments will likely become expensive, time-intensive and operationally disruptive.

Instead, focus on enterprise data protection policies—the ins and outs of how your business needs to operate—and define those thoroughly. These policies are an enterprise’s way of customizing its ecosystem to its specific requirements for the storage, transport and sharing of data with users, devices, applications and services. Conducting such an inventory will help translate enterprise policies into statements that machines can understand, implement and enforce.

Through our Zero Trust Center of Excellence, Dell Technologies is industrializing the DoD’s Zero Trust Architecture. This provides organizations an environment where their enterprise security policies can be translated into technical directives that will be implemented in the Zero Trust system. Given the blistering pace of change in technology, it won’t be surprising if today’s policies need a few adjustments tomorrow, so enterprises need to develop adaptable solutions.
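To make concrete what “statements that machines can understand, implement and enforce” looks like, here is an added example (not Dell’s or the DoD’s code) of a toy policy decision point: data protection policies are written as declarative rules over user, device and data-classification attributes and evaluated on every request, with deny rules taking precedence and default deny when nothing grants. All rule names, attribute names and sample values are constructed for illustration.

```python
"""Toy Zero Trust policy decision point (constructed example, not vendor code).

Every request is evaluated against explicit policy statements; nothing is
trusted implicitly because of network location. Attribute and rule names
are constructed for this example.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    user: str
    roles: frozenset          # e.g. {"employee", "data-owner"}
    mfa: bool                 # strong authentication completed?
    device_managed: bool      # device enrolled and under management?
    device_patched: bool      # device posture: patched to baseline?
    risk_score: int           # 0 (low) .. 100 (high), from behavior telemetry
    app: str
    data_class: str           # "public" | "internal" | "restricted"


# Policy statements as (name, predicate). Deny rules are checked first;
# any match denies. Otherwise the first matching grant rule allows.
DENY_RULES = [
    ("deny-unmanaged-device-for-nonpublic",
     lambda r: r.data_class != "public" and not r.device_managed),
    ("deny-unpatched-device-for-restricted",
     lambda r: r.data_class == "restricted" and not r.device_patched),
    ("deny-high-risk-session", lambda r: r.risk_score >= 70),
    ("deny-restricted-without-mfa",
     lambda r: r.data_class == "restricted" and not r.mfa),
]
GRANT_RULES = [
    ("grant-public", lambda r: r.data_class == "public"),
    ("grant-internal-to-employees",
     lambda r: r.data_class == "internal" and "employee" in r.roles),
    ("grant-restricted-to-data-owners",
     lambda r: r.data_class == "restricted" and "data-owner" in r.roles),
]


def decide(req):
    """Return (decision, matched_rule); unmatched requests are denied by default."""
    for name, pred in DENY_RULES:
        if pred(req):
            return ("deny", name)
    for name, pred in GRANT_RULES:
        if pred(req):
            return ("allow", name)
    return ("deny", "default-deny")
```

Because the decision is computed from current attributes (including a telemetry-derived risk score), a change in device posture or session risk changes the outcome on the next request, with no manual re-approval step in the loop.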

A foundation for a more secure tomorrow

Zero Trust is a powerful, sustainable and adaptable weapon against cyberattacks. So effective is the framework that Department of Defense Chief Information Officer John Sherman has said that a 2023 leak of national documents would have been easier to detect and prevent had the framework been in place.

Unfortunately, despite ZT’s promise, some 77 percent of the respondents in the Dell Innovation Index said that they’re yet to explore or build a Zero Trust architecture. The time is now to lay the necessary groundwork.

As I’ve said before, an advanced Zero Trust solution aims to automate and orchestrate the security response as quickly as the systems can be attacked. Leaning on these technologies will help enterprises implement the tenets of the Zero Trust framework efficiently—and at scale.

While enterprises must build a robust foundation for automation and AI to effectively do their jobs within the Zero Trust framework, the dividends are worth the effort. Otherwise, they will find it difficult to blunt the kinds of large-scale automated attacks that threat actors can unleash.