Here’s why Zero Trust is becoming increasingly popular for its ability to stop IT security breaches
What is Zero Trust?
Zero Trust is a security model that, whilst not exactly new, is becoming more popular due to the technologies required to implement it becoming more mainstream. Fundamentally, it’s based around the concept that a person or device should not be automatically trusted no matter the location, inside or outside the organisation’s perimeter.
This is the opposite of the historical and traditional view, whereby once a device was authenticated at the perimeter, or physically connected to the internal LAN, it should be allowed access to internal systems and applications. With the expansion and mainstream adoption of cloud and the significant increase in remote working, this ‘castle and moat’ type architecture is no longer practical, with applications and data being more and more widely distributed.
The primary driver for this ‘trust no one’ approach to security is the increasing frequency and sophistication of cyber attacks: once an attacker has gained access to a company resource such as a desktop, laptop or mobile device, they can move freely around the network from system to system, attempting to escalate their privileges and gain access to, or control of, critical data and systems.
Why is Zero Trust important?
Zero Trust is one of the most effective ways for organisations to control access to their networks, applications, and data. It combines a wide range of preventative techniques including identity verification and behavioural analysis, micro-segmentation, endpoint security and least-privilege controls to deter would-be attackers and limit their access in the event of a breach.
Zero Trust Network Access (ZTNA) should form part of an organisation’s overall security posture, guided by the best practices defined in certifications such as Cyber Essentials+ and ISO 27001.
Here are our five recommended steps to adopting a Zero Trust approach.
1. Logically separate people and applications
In order to protect applications and data, they must be logically separated from the people trying to access them, with both ingress and egress traffic strictly controlled.
2. Trust No One
Before access is granted to applications or data, a person must prove they are legitimate and trustworthy, regardless of location, whether outside or inside the network perimeter.
3. Verify Identity
Simple username and password combinations are no longer suitable for authentication. MFA must be implemented by default, both to validate the identity of the person and to check the validity of the device requiring access to the organisation’s IT assets.
4. Limit Privileged Access
Only give people access to the systems, data and resources they genuinely need to do their job, and eliminate generic or non-named accounts. This access must be audited and auditable.
5. Never Ignore Devices
Devices used should be verified to ensure they are secure: are they known and trusted devices, fully patched and up to date, and do they have the necessary security protections, such as anti-virus, anti-spam, anti-malware and disk encryption, installed, enabled and up to date?
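The five steps above describe a policy that must be evaluated for every request. The following is an added example, not code from the original article or from any product it mentions: a minimal policy decision point that applies those steps to each access request. Every user, entitlement, resource and device value is constructed for illustration; a real deployment would take them from the identity provider, the device inventory (MDM/EDR) and an entitlement store. Note that the request's network location is carried but deliberately never consulted, which is step 2 in code.

```python
"""Added example, not from the original article: a minimal Zero Trust policy
decision point that applies the five steps above to each access request.
Every user, entitlement, resource and device value here is constructed for
illustration; a real deployment would source them from an IdP, an MDM/EDR
inventory and an entitlement store."""
from __future__ import annotations
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

@dataclass(frozen=True)
class Device:
    device_id: str
    managed: bool              # known/enrolled device (step 5)
    patch_age_days: int        # days since the last patch was applied
    disk_encrypted: bool
    endpoint_protection: bool  # anti-virus / anti-malware present and enabled

@dataclass(frozen=True)
class Request:
    user: str                  # a named account; generic accounts are refused (step 4)
    mfa_verified: bool         # the IdP completed a second factor (step 3)
    device: Device
    resource: str
    network: str               # "internal" or "external"; deliberately NOT consulted (step 2)

# Least-privilege entitlements: each named user may reach only these resources
# (constructed names, not real systems).
ENTITLEMENTS: Dict[str, Set[str]] = {
    "alice": {"hr-portal", "payroll-db"},
    "bob": {"git-server"},
}
GENERIC_ACCOUNTS: Set[str] = {"admin", "root", "shared", "service"}
MAX_PATCH_AGE_DAYS = 14

# Step 4 also requires decisions to be auditable: every decision is appended here.
AUDIT_LOG: List[dict] = []

def device_posture_failures(device: Device) -> List[str]:
    """Step 5: return every posture check the device fails (empty list = healthy)."""
    failures: List[str] = []
    if not device.managed:
        failures.append("unmanaged device")
    if device.patch_age_days > MAX_PATCH_AGE_DAYS:
        failures.append(f"patches {device.patch_age_days} days old")
    if not device.disk_encrypted:
        failures.append("disk not encrypted")
    if not device.endpoint_protection:
        failures.append("endpoint protection missing")
    return failures

def evaluate(req: Request) -> Tuple[bool, List[str]]:
    """Return (allowed, reasons). Every check runs regardless of network location
    (step 2) and the request is denied if any check fails. Step 1 (segmentation)
    is what places this function between the user and the resource."""
    reasons: List[str] = []
    if req.user in GENERIC_ACCOUNTS:
        reasons.append("generic or non-named account")
    if not req.mfa_verified:
        reasons.append("MFA not verified")
    reasons.extend(device_posture_failures(req.device))
    if req.resource not in ENTITLEMENTS.get(req.user, set()):
        reasons.append(f"no entitlement to {req.resource}")
    allowed = not reasons
    AUDIT_LOG.append({"user": req.user, "device": req.device.device_id,
                      "resource": req.resource, "network": req.network,
                      "allowed": allowed, "reasons": list(reasons)})
    return allowed, reasons

# Constructed sample devices.
HEALTHY = Device("lt-0001", managed=True, patch_age_days=3, disk_encrypted=True, endpoint_protection=True)
STALE = Device("lt-0002", managed=True, patch_age_days=45, disk_encrypted=True, endpoint_protection=True)

def demo() -> List[Tuple[bool, List[str]]]:
    """Evaluate a handful of constructed requests and return their decisions."""
    requests = [
        Request("alice", True, HEALTHY, "payroll-db", "external"),   # allowed
        Request("alice", True, STALE, "payroll-db", "internal"),     # being on the LAN does not help
        Request("alice", False, HEALTHY, "hr-portal", "internal"),   # no second factor
        Request("bob", True, HEALTHY, "payroll-db", "external"),     # outside bob's entitlements
        Request("admin", True, HEALTHY, "git-server", "internal"),   # generic account
    ]
    return [evaluate(r) for r in requests]

if __name__ == "__main__":
    for allowed, reasons in demo():
        print("ALLOW" if allowed else "DENY", reasons)
```

The second request is the one worth noticing: a fully authenticated user on the internal network is still refused because the device is out of date, which is exactly the behaviour the castle-and-moat model never had.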
Additional Considerations when implementing Zero Trust Network Access (ZTNA)
Multi-factor authentication (MFA) - a security technology that requires multiple methods of authentication from independent categories of credentials to verify a user's identity for a login or other transaction. MFA combines two or more independent credentials: something the user knows, such as a password; something the user has, such as a security token or a code sent by SMS or email; and something the user is, verified by biometric methods such as face or fingerprint recognition. Use this anywhere and everywhere possible.
Security Operations Centre (SOC) - a facility that houses an information security team and the solutions responsible for monitoring and analysing an organisation’s security posture on an ongoing basis. The SOC team’s goal is to detect, analyse and respond to cybersecurity incidents using a combination of technology solutions and a strong set of processes. SOC staff work closely with organisational incident response teams to ensure security issues are addressed quickly upon discovery.
Security Information and Event Management (SIEM) - a set of tools and services offering a holistic view of an organisation’s information security. SIEM tools provide:
- Real-time visibility across an organisation’s information security systems.
- Event log management that consolidates data from numerous sources, and correlation of events gathered from different logs or security sources using if-then rules that add intelligence to the raw data.
- Automatic security event notifications: most SIEM systems provide dashboards for security issues as well as other methods of direct notification.
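The SIEM bullet points above describe consolidating logs from several sources and applying if-then correlation rules. The following is an added example, not code from the original article or from any SIEM product: a small correlation engine run over two constructed log sources (an authentication log and a VPN log) with one rule: IF a user/source pair produces five or more failed logins within two minutes AND THEN a successful login or VPN connect from the same source within five minutes, THEN raise an alert. The log format, user names and addresses are constructed for illustration, and the line that matches neither format shows how unparseable input is dropped rather than crashing the pipeline.

```python
"""Added example, not from the original article: a SIEM-style correlation over
two constructed log sources using an if-then rule. IF a (user, src) pair logs
FAIL_THRESHOLD or more failures within FAIL_WINDOW, AND THEN a success or VPN
connect from the same src within SUCCESS_WINDOW, THEN alert."""
import re
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed log lines from two sources (auth and vpn), timestamps in UTC.
SAMPLE_LOGS = """
2024-05-01T09:00:01Z auth user=alice src=203.0.113.5 result=FAIL
2024-05-01T09:00:06Z auth user=alice src=203.0.113.5 result=FAIL
2024-05-01T09:00:11Z auth user=alice src=203.0.113.5 result=FAIL
2024-05-01T09:00:16Z auth user=alice src=203.0.113.5 result=FAIL
2024-05-01T09:00:21Z auth user=alice src=203.0.113.5 result=FAIL
2024-05-01T09:00:26Z auth user=alice src=203.0.113.5 result=FAIL
2024-05-01T09:01:10Z vpn user=alice src=203.0.113.5 event=connect
2024-05-01T09:05:00Z auth user=bob src=198.51.100.7 result=FAIL
2024-05-01T09:05:10Z auth user=bob src=198.51.100.7 result=FAIL
2024-05-01T09:05:20Z auth user=bob src=198.51.100.7 result=OK
2024-05-01T09:10:00Z auth user=carol src=198.51.100.9 result=FAIL
2024-05-01T09:10:10Z auth user=carol src=198.51.100.9 result=FAIL
2024-05-01T09:10:20Z auth user=carol src=198.51.100.9 result=FAIL
2024-05-01T09:10:30Z auth user=carol src=198.51.100.9 result=FAIL
2024-05-01T09:10:40Z auth user=carol src=198.51.100.9 result=FAIL
2024-05-01T09:11:00Z auth user=carol src=192.0.2.9 result=OK
this line is in neither format and is skipped by the parser
"""

# One regex covers both sources; they differ only in the last key (result/event).
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})Z "
    r"(?P<source>auth|vpn) user=(?P<user>\S+) src=(?P<src>\S+) "
    r"(?:result|event)=(?P<outcome>\S+)$"
)

FAIL_THRESHOLD = 5
FAIL_WINDOW = timedelta(minutes=2)     # failures must cluster within this window
SUCCESS_WINDOW = timedelta(minutes=5)  # a success this soon after the cluster confirms it

def parse(text: str) -> List[dict]:
    """Normalise both sources into one event schema, dropping lines that match neither."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unparseable line: skipped, not fatal
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%S")
        events.append(e)
    return sorted(events, key=lambda e: e["ts"])

def is_success(e: dict) -> bool:
    """A successful auth or a VPN connect both count as 'the attacker got in'."""
    return (e["source"], e["outcome"]) in {("auth", "OK"), ("vpn", "connect")}

def correlate(events: List[dict]) -> List[dict]:
    """Apply the if-then rule and return one alert per confirmed burst."""
    alerts: List[dict] = []
    failures: Dict[Tuple[str, str], List[datetime]] = {}
    for e in events:
        key = (e["user"], e["src"])
        if e["source"] == "auth" and e["outcome"] == "FAIL":
            recent = [t for t in failures.get(key, []) if e["ts"] - t <= FAIL_WINDOW]
            recent.append(e["ts"])
            failures[key] = recent
        elif is_success(e):
            recent = [t for t in failures.get(key, []) if e["ts"] - t <= SUCCESS_WINDOW]
            if len(recent) >= FAIL_THRESHOLD:
                alerts.append({
                    "rule": "brute-force-then-success",
                    "user": e["user"], "src": e["src"],
                    "failures": len(recent), "confirmed_by": e["source"],
                    "at": e["ts"].isoformat(),
                })
            failures.pop(key, None)  # a success closes the burst either way
    return alerts

if __name__ == "__main__":
    for alert in correlate(parse(SAMPLE_LOGS)):
        print(alert)
```

Only alice's burst fires: bob's two failures are below the threshold, and carol's success comes from a different source address than her failures, so the (user, src) key does not match. That last case is a deliberate gap to illustrate that rule scoping is a design decision; a second rule keyed on the user alone would catch a success from a new address after a burst, at the cost of more false positives for users who simply mistype a password at home and then log in at the office.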
A data and identity-centric Zero Trust framework can provide a solid defence against data breaches and advanced cybersecurity threats. All attackers need to break into your network is time and motivation — firewalls or password policies don’t deter them. You should build internal barriers and monitor activity to catch their movements when, not if, they break in.
Analysing an organisation’s breach potential and security score is a good starting point, as is profiling its risk of a breach. From that knowledge, a tiered security model can be designed to match the risk profile, using solutions from multiple providers and layering technologies to give a robust defence. People are often the weakest link that attackers exploit, which is why awareness training, processes and testing are intrinsic.
If you’d like to find out more about Zero Trust visit our events page to sign-up to our 3-part workshop series where we’ll get hands-on with these solutions through real-time product demonstrations.
Technology moves fast, we do too and so can you. If you’d like more information, Talk to us.