ZERO TRUST TIME

ZERO TRUST EVOLUTION

Companies worldwide are seeing the rapid evolution of digital transformation in the workplace. Hand in hand with this phenomenon is the large-scale adoption of remote working, primarily a consequence of the coronavirus pandemic. These two factors make the cybersecurity of any IT infrastructure a priority for all C-suite executives wanting to protect their data and safeguard their business. While it is vital that data can be accessed by those who need it to do their jobs – from anywhere and at any time – it is also vital that data is protected by strict and regulated security policies. This is where Zero Trust comes into play.

NEVER TRUST ALWAYS VERIFY

Zero Trust is underpinned by the principle of ‘never trust, always verify’ and is a giant leap forward over old cybersecurity models for businesses. Traditional security models operated on the outmoded premise that once something or someone was part of an organization’s IT network, they could be trusted. This was indeed a foolish notion as all hardware and software should be continuously monitored with granular security applied. Moreover, any user could be a malicious insider or bad actor who could move laterally across an IT network and access in exfiltrate sensitive and business-critical data.

ZERO TRUST VERSUS TRADITIONAL CYBERSECURITY

Unlike traditional cybersecurity models in which all users were considered trustworthy once past the network perimeter, Zero Trust embodies a much more cynical and dynamic approach. It uses the principle of least privilege (POLP) which limits access to data and applications only to those who need it. The knock-on effect is that the potential lateral movement of hackers through a network is almost eradicated. Furthermore, Zero Trust enforces struct device authentication and authorization throughout an IT network. This means that every instance of access request by a user or an entity is checked whether onsite, in the cloud or hybrid. An effective Zhero Trust strategy also provides a real-time runtime evaluation of users, devices, apps and data attributes against an organization’s access control policies.

ZERO TRUST FIGHTS  RANSOMWARE

When interviewed by Forbes, cybersecurity expert David Canellos expressed his concern over the number of high-profile breaches that happened last year and their supply chain impact, including hacks on Acer, Colonial Pipeline, JBS and Kaseya. He said:

“In 2021, we’ve seen increases in the number and scope of ransomware attacks and related breaches, with high-profile attacks on critical infrastructure, national health services and food supplies. According to recent predictions, 2021 is on track to chalk up over 65,000 ransomware attacks by year-end. While the growth of ransomware-as-a-service schemes has made ransomware more widely available, a good deal of the growth can be attributed to sophisticated supply chain attacks as well as diverse phishing and web delivery systems — injectors, trojans, worms and drive-by downloaders — that stealthily drop ransomware payloads.”

Canellos also reiterated the importance of Zero Trust adoption as a ransomware deterrent. In the same Forbes interview he emphasized how many businesses were inculcating the strategy into their IT practice:

“Today, more than a decade after the zero trust approach was formulated, it’s near-universally acknowledged as the most effective way to protect organizations. Spurred by the pressing need to address cybercrime trends that were exacerbated by the past year’s rapid move to remote work, many organizations are starting to assess how they can implement zero trust security principles in their own IT operations.”

CREATING A ZERO TRUST STRATEGY

In adopting Zero Trust cybersecurity, one of the first steps is the identification of the network’s most critical and valuable data, assets, applications and services. This means you will be able to prioritize where to start and decide on the best way of creating your Zhero Trust security policies. Then you should determine who all your network users are, the applications that they use and how they connect to the network. That way, you can develop and enforce a policy that guarantees secure access and comprehensive protection of critical data.

BUILDING A ZERO TRUST ARCHITECTURE

An all-encompassing Zero Trust strategy needs to focus on users, applications and infrastructure:

  • Users – you need a robust authentication of user identity, apply ‘least access’ policies, and be able to securely verify user device integrity.
  • Applications – you will remove the assumption of implicit trust associated with the components of applications when they communicate with one another. Remember that applications, like users, cannot be trusted and continuous monitoring at runtime is required to validate response and behaviour.
  • Infrastructure – every component of your IT network including workstations, routers, switches, firewall, cloud, IoT, and supply chain must be umbrellaed by your Zero Trust policy.

ZERO TRUST BENEFITS

  • a dynamic and secure connection between the user or device and an application
  • facilitates the provision of multi-cloud hybrid IT access security
  • significantly reduces cybersecurity threats and lateral hacking within networks
  • provides insight into access activity
  • improves compliance auditing

TRUST IN ME

While companies big and small see the need for Zero Trust adoption, David Canellos feels that SMEs are at a disadvantage when it comes to the cybersecurity strategy. He said:

“Despite the tailwinds that have pushed small and midsize organizations toward digitization, many remain at earlier stages in the zero trust journey than their larger counterparts. The lag isn’t always by choice: With limited IT resources and security budgets, midsize enterprises and small businesses often find that most zero trust cloud security solutions are out of their reach.”

If you are an owner or C-suite of an SME, Canellos’ words don’t necessarily have to ring true. I have 20 plus years of experience in professional business IT, specializing in cybersecurity and risk mitigation. Together we can create a Zero Trust strategy that is custom-made for your IT network, whatever its size. I offer affordable IT consultation and solutions for SMEs needing to jump on the Zero Trust train. Call me now and let’s find a foolproof cybersecurity solution that works for you.

Leave a comment