Never Trust Anything Again - The Zero Trust World

Uploaded on 2022-05-19 in TECHNOLOGY--Resilience, FREE TO VIEW

It seems everyone is talking about Zero Trust in our data networks, but it is often a goal which cannot be reached, as it depends so much on business needs and user interactions. However, where possible, a Zero Trust strategy can help a business be more secure and avoid costly hacks.

It is a concept that is more relevant and important today than ever, particularly as companies around the world grapple with how to operate, and respond to, the remote working drive and cloud-based services which are taking over. 

Securing the traditional network perimeter (i.e. the moat and castle approach) is no longer sufficient. With the rise of applications being deployed in multi-clouds, and the growing mobile workforce, the network perimeter has all but disappeared.

Even One-Time-Password (OTP) technologies can no longer support diverse networks and connections. True Multi-Factor-Authentication (MFA) has come of age, as required flexibility of authentication is linked to the level of security needed. Hence, the greater the risk to data, the better form of authentication and trust application is needed. Likewise, for an environment which has many tens of thousands of customers, even the most basic of MFA solutions, such as SMS authentication, could be impractical and a barrier to business.

Zero Trust eliminates the idea of a trusted network inside a defined perimeter. Today, you must apply least-privilege user access and scrutinise it as much as possible.  Assume attackers are already hiding in the network and get more context and visibility from the control points.

To enable Zero Trust, organisations must abandon the ‘trust everything, but verify’ approach and adhere to these three principles:

1. Never trust
2. Always verify
3. Continuously monitor

No single vendor can provide a Zero Trust solution, it will require a blended approach to meet the company’s specific business needs. This is where the challenges lie. But what are they?

Zero trust is not a standard, or a specification that vendors can design products and services against. It is an approach to designing an architecture, which means it can be difficult to know what the right thing to do is.

Cost:   As with any infrastructure change, there are usually costs associated with a migration. Both direct and indirect. Direct costs are new products, devices, and services. Indirect costs are the training of support teams in order to learn new processes. 

Disruption:   Moving to a Zero Trust architecture can be a very disruptive exercise. It can take several years to migrate to a fully Zero Trust model, due to the extent of change needed across the enterprise. Defining an end state for a migration is difficult when the model you are aiming for may evolve during the rollout.

Not all products and services are suitable for Zero Trust: Many legacy or fixed process products and services do not fit well with its principles, due to the working practices that surround them. An example is Bring-Your-Own-Device (BYOD) architecture. In this case, it can be difficult to gain a high level of confidence in the status of the devices accessing your services and data, without intruding on the privacy of your user. Another example could be the size of a customer base. If it is too large or diverse it may prevent the identity of working practices needed to ensure a positive trust result.

The temptation for many business leaders is to delay a Zero Trust project because there is no immediate implication for not doing it today, or next quarter. But eventually, it will become a priority because of an attack, or key clients seeing the organisation as a weak link in their supply chain.

If a Zero Trust strategy has not been implemented, it may look like a massive project. Faced with the inevitable limited resources issue, many may struggle to develop a system that works for the individual business needs. Hence, the imperative to start planning now. Businesses should look at their current products for endpoint protection, user authentication and network monitoring and see how they can be manipulated to start the foundation of a Zero Trust policy. From here, any new security solution purchase can be reviewed in light of the Zero Trust plan, ensuring it fits.

Zero Trust provides higher security, from the endpoint through to the application, than traditional approaches. By constantly authenticating and authorising, it's possible to securely enable the mobile workforce, reduce data losses and improving productivity with streamlined access

Colin Tankard is Managing Director at Digital Pathways

You Might Also Read: 

The Frailty Of Email:

 

« A Short History Of Cyber Crime - Part 1- Its Motivations
Conti Attack US Precision Engineering Business »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Verisec International

Verisec International

Verisec International AB is a Swedish Tech company focused since inception in enabling Trust in Digital Transactions, through the development of proprietary cutting-edge technologies and services.

Microsoft Security

Microsoft Security

Microsoft Security helps protect people and data against cyberthreats to give you peace of mind. Safeguard your people, data, and infrastructure.

Sungard Availability Services (Sungard AS)

Sungard Availability Services (Sungard AS)

Sungard AS partners with customers around the globe to understand their unique business needs and provide production and recovery services tailored to their requirements.

Vesta

Vesta

Vesta Corporation is a global provider of a scalable suite of fraud and payment solutions for online commerce.

Fischer Identity

Fischer Identity

Fischer Identity provide identity & access management and identity governance administration solutions.

Cohesity

Cohesity

Cohesity radically simplifies the way businesses back up, manage, protect, and extract value from their data—in the data center, at the edge, and in the cloud.

Onesecure Asia

Onesecure Asia

ONESECURE Asia’s expertise and services are built around its mission to provide reliable, robust and scalable technology solutions to cater for its customers’ needs.

NWN Corp

NWN Corp

NWN Corporation is a leading Cloud Communications Service Provider (CCSP) focused on transforming the customer and workspace experience for commercial, enterprise and public sector organizations.

Avancer Corporation

Avancer Corporation

Avancer Corporation is a multi-system integrator focusing on Identity and Access Management (IAM) Technology. Founded in 2004.

Lumifi

Lumifi

Lumifi provide end-to-end cybersecurity resilience solutions with a specialty in managed detection and response (MDR) services.

eCapital

eCapital

eCAPITAL is a leading venture capital firm that provides early to growth stage funding to technology companies in fields including software & information technology, cybersecurity and industry 4.0.

Focus Digitech

Focus Digitech

Focus Digitech helps you with your digital transformation journey with our main core offerings of Cloud, Cybersecurity, Analytics and DevOps.

ITQ Latam

ITQ Latam

ITQ Latam are specialists in cybersecurity, in a convergent ecosystem of technological solutions in infrastructure, cloud and security networks.

Pistachio

Pistachio

Pistachio is the new evolution of cybersecurity awareness training and attack simulations.

ABM Technology Group

ABM Technology Group

ABM Technology Group (formerly True IT) provide business information technology services, solutions, and consulting for small to mid-sized organizations.

nandin Innovation Centre

nandin Innovation Centre

nandin is ANSTO’s Innovation Centre (Australian Nuclear Science and Technology Organisation) where science and technology entrepreneurs, startups and graduates come together.