As you’re adding new platforms, devices, workers and vendors accessing your network, is your security really getting better?
Do any of these sound familiar:
Employees wanting to work remotely?
Apps moving to the cloud?
More devices being used in your office?
More vendors asking for administrative of heightened privileges on your network?
You are likely seeing many of these occurring within your current environment. What you might not realize is that ALL of these factors are tearing down bits and pieces of your network security—pieces you are likely paying good money for.
Are traditional security measures—classifying everything inside our networks as “trustworthy”—are failing today. These legacy concepts of inside being safe and outside not might be putting your network security at risk more today than even a year or two ago.
You see, this antiquated approach—sometimes referred to as the “castle and moat” approach, in which the castle is holding all of your valuable business data and the moat referring to the layers of protection keeping threats out—is no longer good enough for cybersecurity in 2020.
In today’s highly complex and highly networked IT world, one where users have access to all sorts of applications hosted in the cloud and on-premises, all sorts of devices (mobile, desktop and internet of things) and from all over the country (sometimes the globe) both inside and outside your business network, your organization needs a security model that is dynamic, flexible—and most of all—simple.
That’s where zero trust comes in.
Way back in 2010, cybersecurity leaders had started to advocate a new security framework called Zero Trust, moving away from a perimeter-centric approach that advocates for continuous verification of trust across every single device, user and application.
What does this mean? Instead of having continuous trust if you’re within your business network, you need to identify yourself and validate that you are who you say you are—even when within your network.
While this seems relatively simple in theory, implementing a Zero Trust framework may seem a little daunting. Today I want to go through a few areas of “trust” security to consider:
Device Trust—you need to understand what devices on your network you will be able to trust. Make sure you regularly inventory devices on your network, monitor how these devices are being used and where they are accessing and determine if the device can be trusted—is it compliant to your security standards and policies?
User Trust—time and again, password-based authentication methods has been generally the go-to when it comes to verifying a person’s identity. I’m sure you can see—especially with the past year’s heightened effectiveness of phishing attacks (at this point, responsible for more than 90% of network penetrations)—that user verification is a real issue in 2020. To embolden password-based validation, you may want to consider stronger conditional-based validations. For instance, multi-factor authentication can provide harder to hack approach to user protections when accessing your network.
Application Trust—what is the best way to make sure employees are securely and seamlessly accessing applications that they need? Being able to monitor and understand what your employees are actually using at work. With modernization of user authentication, users today are able to perform single sign-on in order to access multiple applications, we gain security and improved user experience. For more traditional applications, you may be able to utilize virtual desktops to create a bridge between those applications and your user’s access.
Data Trust—I’m sure you agree that data security is probably the most important thing you are protecting. Data breaches and cyberattacks both contribute serious risks to keeping your data secure and preventing data leaks. Technologies you may be implementing, such as data loss prevention (DLP) and monitors for unwanted destruction or exfiltration of sensitive data can help your organization ensure that your network is not a leaking faucet of sensitive information (think protected health information here).
Are you ensuring your network is secure?
Protecting your network is not as easy as simple as pulling up a draw bridge. It takes a multi-faceted approach to ensure your data and employees are actually secure.
How to implement a Zero Trust approach?
Most cybersecurity experts recommend getting a network security assessment as a first step to understand where your vulnerabilities lie.