Informed Pulse

How do you apply a zero-trust security policy to UC?

By Andrew Froehlich

From a UC user access perspective, authentication, device posture checks, encryption and detailed logging are applied across the board for all users, regardless of whether they are working remotely or directly on the corporate LAN. This protection covers not just the LAN, but workload communications inside data centers and clouds as well.

Protecting communications across users, devices, apps and workloads

Keep in mind that zero trust is typically implemented on a corporate network for all critical business applications, data and services within an enterprise -- including UC. On the LAN, lateral movement is restricted through traditional network segmentation via virtual LANs (VLANs) and access control lists on routers and switches. Microsegmentation, another tactic, is challenging because the ongoing management of intricate ACLs across numerous devices can become cumbersome, even with available tools.

A more modern approach to preventing lateral movement within the LAN that better safeguards UC and other services involves replacing traditional VLANs -- and their security limitations tied to broadcast domains -- with a LAN that operates entirely at Layer 3.

Doing so ensures that devices cannot communicate laterally without their traffic first being routed through a firewall. It centralizes lateral movement access control, with the firewall serving as the primary enforcer of access control policies.

A number of security functions must also occur on the back end to secure workflows within data centers and clouds. VM security policies, for example, can be created through hypervisor-based microsegmentation, which lets microsegments be defined without any physical network changes. Public cloud service providers also offer their own native segmentation capabilities to deliver zero-trust microsegmentation across cloud environments.

Finally, workload-based microsegmentation policies can isolate services within a cloud or data center to prevent unauthorized access or lateral movement threats.
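The following Python model, added here as an illustration and not taken from the article, puts both of the controls above side by side: the broadcast-domain argument for a Layer 3-only LAN (a flow between two hosts on the same VLAN subnet never reaches the firewall, whereas a flow between hosts on their own routed /32s always does) and a label-based, default-deny microsegmentation policy that logs every decision. Host names, addresses, labels, ports and rules are all constructed for the example.

```python
"""
Constructed model of two lateral-movement controls:
  1. Broadcast-domain check: hosts on one subnet (classic VLAN) talk directly,
     bypassing the firewall; hosts on individual routed /32s are always routed
     through it.
  2. Label-keyed, default-deny microsegmentation with a log line per decision.
"""
from dataclasses import dataclass, field
from ipaddress import IPv4Interface
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Host:
    name: str
    iface: IPv4Interface   # address plus prefix, e.g. 10.10.0.5/24 (VLAN) or /32 (routed)
    labels: frozenset      # workload labels the policy keys on, not IP addresses


@dataclass(frozen=True)
class Rule:
    src_label: str
    dst_label: str
    proto: str
    dports: range          # permitted destination ports


@dataclass
class Firewall:
    """Label-based, default-deny policy with a log line for every decision."""
    rules: List[Rule]
    log: List[str] = field(default_factory=list)

    def decide(self, src: Host, dst: Host, proto: str, dport: int) -> bool:
        for r in self.rules:
            if (r.src_label in src.labels and r.dst_label in dst.labels
                    and r.proto == proto and dport in r.dports):
                self.log.append(f"ALLOW {src.name}->{dst.name} {proto}/{dport} "
                                f"rule={r.src_label}->{r.dst_label}")
                return True
        self.log.append(f"DENY {src.name}->{dst.name} {proto}/{dport} default-deny")
        return False


def same_broadcast_domain(a: Host, b: Host) -> bool:
    """Two hosts on one IP subnet reach each other via ARP and switching, with no router in the path."""
    return a.iface.network == b.iface.network


def flow_allowed(fw: Firewall, src: Host, dst: Host, proto: str, dport: int) -> Tuple[bool, str]:
    """Returns (allowed, path). A flow inside a shared broadcast domain never reaches the
    firewall, so it passes by default and leaves no firewall log entry; a routed flow is policed."""
    if same_broadcast_domain(src, dst):
        return True, "direct"
    return fw.decide(src, dst, proto, dport), "via-firewall"


# Constructed sample policy: UC clients may reach SIP over TLS and the SRTP media range, nothing else.
RULES = [
    Rule("uc-client", "sip-server", "tcp", range(5061, 5062)),
    Rule("uc-client", "media-gateway", "udp", range(10000, 20001)),
]


def demo(l3_only: bool) -> Tuple[Dict[str, Tuple[bool, str]], List[str]]:
    """Same hosts and policy; only the access-layer design differs."""
    prefix = 32 if l3_only else 24          # /32 per host means every flow is routed
    phone = Host("phone-1", IPv4Interface(f"10.10.0.5/{prefix}"), frozenset({"uc-client"}))
    laptop = Host("laptop-7", IPv4Interface(f"10.10.0.9/{prefix}"), frozenset({"user-endpoint"}))
    sip = Host("sip-1", IPv4Interface("10.20.0.10/32"), frozenset({"sip-server"}))
    fw = Firewall(RULES)
    results = {
        "laptop->phone tcp/445": flow_allowed(fw, laptop, phone, "tcp", 445),   # endpoint-to-endpoint, not a UC flow
        "phone->sip tcp/5061": flow_allowed(fw, phone, sip, "tcp", 5061),       # legitimate UC signalling
        "laptop->sip tcp/5061": flow_allowed(fw, laptop, sip, "tcp", 5061),     # unlabelled endpoint
    }
    return results, fw.log


if __name__ == "__main__":
    for design in (False, True):
        results, log = demo(l3_only=design)
        print("Layer 3-only LAN:" if design else "Classic VLAN LAN:")
        for flow, (ok, path) in results.items():
            print(f"  {flow:24} {'allowed' if ok else 'denied':8} {path}")
        for line in log:
            print("  log:", line)
```

Running the block shows the difference the article describes: on the /24 VLAN the laptop-to-phone flow is "direct" and allowed with no log entry at all, while on the Layer 3-only design the same flow is routed, hits the default-deny rule and produces a DENY record that a SOC can alert on. The legitimate phone-to-SIP flow is allowed in both designs because the policy is keyed on workload labels, so moving the phone between subnets does not change the outcome.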
