ZERO TRUST STRATEGY FOR ANYONE OR ANYTHING
Anybody who knows anything about the world of IT and cybersecurity is fully aware of the multitude of cyberthreats that exist out there. These include bad actors, insiders, hacktivists, bots and even infected devices. For IT security teams, it is vital to distinguish a legitimate user from a threat actor. This is where a zero trust security framework becomes a necessity to reduce risk, increase productivity and improve your business agility. Zero trust is based on the premise that there are too many malicious threats to trust-on-first-use and never banks on the good intentions of a user or device connecting to an IT network. Put simply, a comprehensive zero trust strategy assumes that every user and device is malevolent until proven otherwise.
This all sounds good but implementing zero trust is not without its challenges. For the strategy to be effective and protect you against ransomware and other cyberthreats, all users and devices need to be authenticated, authorised and continuously validated before being granted access to applications and data. The problem is that very few organisations possess the expertise to create an infrastructure that can verify and authenticate users each time they access a network. According to Fortinet, 84% of respondents surveyed had implemented some form of the strategy. However, 59% of these don’t have the ability to authenticate users and devices on an ongoing basis and struggled to monitor users post-authentication. So where does that leave the zero trust state of play?
Just last week, Deloitte, the London-headquartered professional services and accounting firm, released Zero Trust Access, a managed security service that IT teams can use to secure all communications between users, devices, applications and data. Zero Trust Access utilises peer-to-peer (P2P) connectivity between end users and applications meaning that sensitive data doesn’t travel through any devices managed by third parties. Zero Trust Access will prevent man-in-the-middle attacks and also significantly reduce risks to third-party exposure. The service also encapsulates continuous user authorisation and continuous inventory, classification and monitoring of an IT infrastructure.
THE DANGERS OF REMOTE ACCESS
In this day and age of remote and collaborative working, giving the benefit of the doubt to a potential threat actor and have wide-ranging consequences. Your systems could go offline with your business suffering reputational damage. Worse still, a massive data breach can cost thousands or even millions to rectify. As such, zero trust is a must-have to protect your IT and your business. Leader of Deloitte’s Zero Trust Access offering, Andrew Rafla, explained the shortcomings of legacy security systems for remote access and said:
“Legacy approaches for remote access to enterprise resources are typically dependent on routing network traffic through corporate data centres and layering additional controls for threat detection and prevention. However, those legacy approaches and technologies often grant implicit trust to the entire enterprise upon successful authentication, which can increase the risk of lateral movement threats and violate the core zero-trust principle of ‘never trust, always verify.’”
To secure your IT, ‘never trust, always verify’ is an indispensable prerequisite.
TRUST IN ME
Like Deloitte, I can help you to develop and implement a strategy that works for your business. I have more than 20 years of experience in the provision of IT support for SMEs, specialising in cybersecurity and risk mitigation. Contact me today and let’s work together to keep you cyber safe and your precious data secure.