Verizon’s Business Group has embedded its Software Defined Perimeter (SDP) service across its Private IP networks to create its new Zero Trust Architecture. The move continues the integration of assets acquired from Vidder last year, as well as a multi-year effort by Verizon to fortify its enterprise-focused connections.
The new Zero Trust Architecture blocks connectivity to servers and applications from unknown devices. The carrier said this makes corporate data “virtually invisible to anyone without approved access.”
The technology isolates an enterprise’s servers from vulnerabilities and configuration errors. It also uses One-Time Password (OTP) and Transport Layer Security (TLS) for multi-factor authentication. The system allows for an authorized user list that manages access to applications on an as-needed basis.
The Verizon SDP service can be accessed once the necessary clients are deployed by an enterprise. It is then available to Verizon’s global Private IP and Ethernet customers across 800,000 network route miles in more than 150 countries.
Isolation, Two-Factor Authentication Are Key
Vickie Lonker, VP of product management and development at Verizon, explained in a statement that with the Zero Trust Architecture deployed “all users are isolated from the corporate network but are still able to directly access their authorized applications.”
Verizon noted in its recent 2019 Data Breach Investigations Report (DBIR) that 29% of the 2,000 data breaches the report investigated involved stolen credentials. It stated that misconfiguration errors in the cloud were increasing year over year, which highlighted the limitations of relying only on perimeter security controls to protect corporate data.
Gabriel Basset, senior information security data scientist at Verizon and co-author of the report, explained that attackers continue to favor short attack paths over longer ones, meaning they prefer fewer steps to accomplish a breach. Because of this, companies should focus on preventing easy attacks like phishing and credential stuffing.
“Turn on two-factor identification,” Basset said. “When I started doing the DBIR four years ago, I said this is the year you should turn on two-factor authentication.”
Verizon’s SDP Journey
Verizon initially launched the SDP service in 2017. That initial launch tapped into work by security company Vidder, which wrote the software.
Soon after, Verizon integrated the SDP service into its Virtual Network Service (VNS) platform, which tapped into the carrier’s work with white box universal customer premises equipment (uCPE). That work went well enough that a year later Verizon bought Vidder’s SDP assets for an undisclosed amount.