Have you ever seen a banyan tree?
These trees are fascinating because they can sprout roots literally in the air. They can grow to a fascinating size and are considered their own ecosystems after they’ve been alive for decades. The web of branches that are created by banyan trees look imposing and somewhat complex at first glance.
That’s why It’s so fitting that a new security company that we heard from in June at Security Field Day is named Banyan. They’re tackling a new complex problem in the security space – Zero Trust. It’s a critical way to look at how we process and understand the web of security relationships we have among users and data.
Keep Your Friends Close
A lot of security software we use to monitor data makes assumptions. They security software assumes that users typically know what they’re doing and take basic precautions to stay safe. The software assumes that users are trying to access data from safe places with approved devices. And it assumes that users are trying to access data they have a right to see.
Now, that’s the assumption. We all know that reality is far, far from where these assumptions lie. Users often don’t know the intricacies of security. Their devices aren’t often secured. They try to access data from coffee shops and other insecure places. And they have been known to poke around to see what they can access.
So how do you fix all that? Well, the most common way to do it in 2019 is to set up a zero trust mentality around your data. You challenge your users to prove their fitness to access the data every time they access something. You take nothing for granted. You assume that every endpoint is insecure and every user is invalid until proven otherwise. It’s a lot like security for an airport or other high security area. You can’t have access until you prove your identity and fitness no matter how many times you’ve been there.
Zero trust is hard. Because you’re all but assuming the worst-case scenario in every situation, you have to make sure that your security is bulletproof. You have to make sure your posture assessments don’t get anything wrong and cause an invalid user to access data. Worse yet, you have to be prepared for the inevitable issues with people getting locked out because of various reasons. Zero trust setups spend just as much time authorizing users as they don’t denying bad actors.
Web of Zero Trust
So how does Banyan do all of this and what makes them better? The first is that they’re creating trust scores from the start. They don’t wait to interrogate endpoints and users. Banyan builds a trust score for the user right away. And they can leverage various tools to ensure the score is accurate. Even the most safe and secure users would have a low trust score when accessing data from a public terminal or a highly insecure system. Banyan can track devices and people to make sure that trust scores validate their access levels.
The next step in the Banyan process is probably the most important one: they don’t stop validating. Their system continuously checks for privilege authorization and re-validates access to resources. This means you won’t run into issues where a secure machine is granted access to data and then somehow becomes insecure after authorization. Like, say for example, someone gets access to a secure system via VPN from a coffee shop and then has the VPN fail or moves to a less secure location. Because the system is constantly validating access to ensure security, you don’t have to worry about something like this happening. Better yet, you can set it up so you get an alert when it does happen so you can have a chat with your users to ensure they stay in safe places when accessing data.
The third aspect of Bayan that makes their zero trust platform easier to use is their distributed enforcement. Instead of making users check in with a central system every time they want to access resources, Banyan can deploy their protections closer to the edge to allow for a scalable solution. We’ve all seen what happens when a centralized system is implemented for resource access in the past. And it usually resembles an explosion of chaos. By having distributed policy enforcement and validation at the edge, Banyan can ensure that their solution works with any device across multiple clouds or locations. Because the onus for validation is pushed to the user accessing an application instead of a device validating in a central authority, there is no bottleneck.
Think back to the banyan tree that they take their name from. If a Banyan tree tried to grow beyond a certain size it could very easily topple over. A strong root system is needed to feed the tree, but even roots growing from a trunk can’t support very large organisms. What’s needed is a different root structure, which is what the banyan tree does with aerial roots. So too does Banyan the company build out far-ranging roots to ensure no one thing can topple their network.
Bringing It All Together
You can’t count on traditional security to keep up with the world of today. There is too much that can go wrong and old solutions can’t keep up with modern concepts like multicloud and users having multiple devices. Taking a cue from nature, Banyan has built a system that has strong roots everywhere and distributes the load evenly to ensure that nothing collapses. That’s the kind of architecture you want to see in a solution when you trust your users but want to make sure every time.