implementing zero trust model for legacy systems

No System Left Behind: Why Legacy Systems Should be Part of Your Zero Trust Strategy

The rise of digital transformation dictates that businesses move faster, innovate harder and adopt new technologies to remain competitive in their industries. Many times, it means implementation of systems using the latest IT innovation and methods. While the Zero Trust model of security has risen to the challenge for the latest technologies such as cloud, microservices or container systems, it’s essential to ensure that legacy infrastructure has not been forgotten.

Identifying the legacy systems you rely on

Moving to deploy a Zero Trust model is often triggered by digital transformation, understanding that the attack surface is increasing beyond what traditional security controls can maintain and secure. While it used to be sufficient to look at traffic as it entered and exited your environment (North-South), today’s attackers can be assumed to reside inside your network already, and so control over internal traffic East-West is essential. Practically speaking, the Zero Trust model was created for the most modern and dynamic environments, where organizations come up against phishing scams, connections with IoT devices, partnerships with third-party networks and more on a daily basis. Built to secure a digitally transformed network, it’s easy for enterprises to forget about legacy systems and let business-critical applications fall by the wayside. However, unpatched (sometimes there are simply no patches for a current vulnerability for old systems) or decades-old legacy systems are exactly where gaps in security and flaws may occur, making it far easier for attackers to make that first step into your data center.

This is where visibility for Zero Trust is so important. Starting with an accurate, real-time map of your whole infrastructure will uncover the legacy systems that you need to include in your Zero Trust journey, some of which you might not even have been aware existed in the first place. In some cases, this could spur you on to modernize the system, such as updating a machine that is using an old operating system. In other cases, it’s more complex to make changes, such as legacy AIX machines that process financial transactions, or Oracle DBs that run on Solaris servers. These systems can be business-critical, and it can be years before they can be updated or modernized, if ever.

Identifying the legacy technology that you rely on is step one. The more difficult these are to update, the more likely they are to be essential to how your business runs. In which case, these are exactly the areas you need to be sure to secure in today’s high-risk cyber landscape.

Including legacy in your Zero Trust model

Make sure that you have coverage for your legacy servers with microsegmentation policy enforcement modules. The best microsegmentation technology can then use a flexible policy engine to help you create policy that includes legacy systems in your Zero Trust model. As a starting point, you should be able to use your map to ascertain the servers and endpoints that are running legacy applications, and how these workloads communicate and interact with other applications and business environments. Ideally, this should be granular enough to look at the process level as well as ports and IPs. This insight can help you to recognize how an attacker could use lateral movement to hurt your business the most, or access your most sensitive data and applications.

With this information in real-time, you can avoid the challenges of traditional security solutions for legacy systems in the same way that you would for the rest of your data center. After all, if you’ve acknowledged the limitations of VLANs and other insufficient security controls for your modernized systems, why would you rely on them for legacy infrastructure that is even more business-critical, or tough to secure? Network segmentation via VLANs often results in all legacy infrastructure being placed into one segment that can be easily accessed by a single well-placed attack, and firewall rules are tough to maintain between legacy VLANs and more dynamic parts of your network.

In contrast to this traditional method, a microsegmentation vendor that is built for a heterogeneous environment takes legacy systems into consideration from the start. Rather than dropping support for legacy operating systems, hardware, servers and applications, intelligent microsegmentation technology provides equal visibility and control across the whole stack.

Zero Trust means zero blind spots

Your legacy systems might be quietly running in the background, but the noise of the fallout in case of a breach could silence your business for good. Don’t let your pursuit of modernization allow you to forget to include legacy infrastructure in your Zero Trust model, where sensitive data and critical applications reside, and where you might well need it the most.

Want to read more about how Guardicore microsegmentation can take you closer to adopting a Zero Trust framework? Download our white paper on getting there faster.

Read More

From Guardicore's
Resource Center

Centra Platform ensures network microsegmentation for critical environment protection operating 24 x 7 x 365
Using the Mitre ATT&CK framework, this webinar will dive into the adversarial techniques that precede and follow the deployment of ransomware itself.

Subscribe To Our Newsletter

No spam, we promise. We’re only going to send you insights on how to reduce risk in your data center and clouds.

See Centra in Action

Reduce your attack surface and prevent lateral movement with fast and simple segmentation that works everywhere.

See Guardicore Centra in Action

Schedule a demo customized to your specific security needs