You may be hearing the term "zero trust" more often these days. Though the concept has been around for years, it’s gained more traction since the mass migration of employees to remote work.
Zero trust centers around a strict methodology that requires that everyone trying to connect with an organization’s digital workplace environment provide verification before getting access.
HOW IS ZERO TRUST DIFFERENT?
Employees, clients, and vendors probably already provide some sort of verification before accessing your system. That’s great, but it’s no longer sufficient if you’re using cloud solutions and your data is scattered across multiple locations. With zero trust, there are a number of added safeguards. No one is trusted by default, even those already inside your network perimeter.
WHY YOU SHOULD RESTRICT USER ACCESS
When we talk to corporate decision-makers about zero trust, one of the first things they typically say is, “I trust all of my employees.” This is probably true for most organizations. But employee trust has little to do with why implementing zero trust is so important. The larger issue is that there are bad actors around the world trying to impersonate employees and take advantage of the trust the organization has in them.
HOW DOES ZERO TRUST WORK?
Think of your organization’s digital workplace environment as a hotel, where individuals are constantly coming and going. In order to ensure the safety and security of the property, staff, and hotel guests, the hotel puts certain safeguards in place.
It may have security cameras in the parking lots, at all of the entrances, and in the elevators. It requires some form of ID and a credit card when guests check in, so it knows the people receiving room key cards are who they say they are. It also restricts key card access, so each guest only has access to his or her room and no one else’s.
Guests coming into the hotel aren’t offended by these precautions. In fact, they’ve come to expect them as best practices that are put in place for their own protection.
LIMITING USER PRIVILEGE THROUGHOUT YOUR INFRASTRUCTURE
Even with these precautions, security breaches may still occur. For example, a hotel guest who’s been verified at the front desk could accidentally leave his room key card by the pool. Someone else could take the card and potentially gain access to the room. Or, the guest who’s lost the card could go to the front desk and request access to his room without proper identification.
One simple mistake can open the hotel and its guests to compromised security. The same is true in the workplace. In fact, a recent study indicates that 82% of data breaches involved the human element, including errors, social attacks, and misuse.
Zero trust offers organizations a set of sound policies and processes that help prevent intentional — and even unintentional — breaches of security by validating users, devices, applications, and data on an ongoing basis. This helps ensure that everyone who’s interacting with your data is who they say they are, providing peace of mind to your organization, employees, clients, and vendors.
Without these stringent security safeguards, it’s only a matter of time before cyber villains show up without reservations.
MAINTAINING A SECURE INFRASTRUCTURE IN THE CLOUD
Using our hotel analogy, it’s easy to see why certain safeguards are necessary to protect your organization and its data, regardless of how trustworthy your employees are.
Things get more complicated when we consider that most businesses don’t have their data in just one location. Especially over the last few years, many businesses have moved much of their data off-premises to home networks or the cloud.
Twenty years ago, network security was all about safeguarding a location. It was common for all of an organization’s data to be housed in one place, where everything within that perimeter was protected. Eventually, new ways of doing business came along that required us to move portions of our data to locations off-site. Think of it as packing up your data and moving it to various storage units throughout the country or the world.
You may move one bundle to a storage unit managed by a third-party payroll provider. You pack two more bundles and move them to storage units managed by SaaS applications such as Microsoft Office 365 and Salesforce. A fourth bundle gets moved to a Google Cloud storage unit. Other bundles are moved to storage units that house data centers. Then COVID-19 hits, and you move countless bundles to storage units managed by your remote users.
Before you know it, your data is stored in 50 to 100 different storage units managed by a variety of sources. Some of the units may have top-of-the-line security systems. Others, like those managed by your home network users, may not have any security at all. What’s more, your home network users may move more bundles of your data to additional units such as Dropbox and IoT devices without you even knowing it.
Lastly, because organizations have so much data and it’s being moved to so many offsite locations, it’s not uncommon for data to be misplaced and duplicated. It’s like the Christmas lights you packed away and can’t find, so you go to the store and buy more. Lost and forgotten data is even more at risk because no one’s making sure it’s being protected.
You can see why a location-based security model no longer fits the way most organizations operate.
HOW THE NIST FRAMEWORK CAN HELP
Because of the complex way data now moves across most digital workplace environments, implementing security isn’t as easy as implementing one or two solutions. Instead, zero trust involves a series of protocols that address the unique structure of each organization.
Marco uses cybersecurity best practices as outlined by the National Institute of Standards and Technology (NIST) and other top cybersecurity agencies. The NIST Cybersecurity Framework (CSF) includes guidelines for zero trust architecture that can accommodate cloud solutions and remote work.
Key takeaways include:
- Verification is important at all times and for all resources.
- If a breach does occur, you need to contain the damage quickly.
- Automation is the best way to accurately identify unauthorized access.
NOT SURE IF YOU’RE FOLLOWING THE SECURITY FRAMEWORK?
If your organization has experienced changes in the way you move and interact with your data and is still using a location-based security paradigm, Marco can help you assess your security risk and design a zero-trust solution that addresses your unique needs.
Even if you already have a fully staffed IT department, it’s often helpful to get an outsider’s perspective regarding the rapidly evolving cybersecurity landscape. If you already know that your organization needs additional help with cybersecurity, our co-managed IT can help you gain enterprise-scale capabilities and peace of mind quickly, without adding more full-time staff.