Zero Trust Security: Who do you trust when it comes to security?
Recent ransomware incidents have rattled the world of IT and data security. From the SolarWinds hack in December 2020 to the recent strike on JBS Meat, we have witnessed an apparent surge in the number of cyber-attacks.
The world is still recovering from the Colonial Pipeline hack that took down the largest fuel pipeline in the U.S. and led to major shortages across the East Coast. The fact that the event was the result of a single compromised password forces us to re-think our cybersecurity strategy.
Last year, the pandemic forced us to add capacity to support remote working for our businesses. Most organizations have faced an increase in the number of phishing, identity theft, ransomware, and other similar attacks over the last 12 months.
Companies have been adapting to the new normal and doing their best to cope with the ongoing changes. In 2021, organizations are optimizing their investments with a focus on employee experience, ease of administration, improved visibility and better threat response.
Zero trust security seems to be gaining ground. Based on a survey conducted by Enterprise Management Associates (EMA) and Pulse Secure, 60% of organizations have accelerated their zero trust projects during the pandemic, while only 15% have slowed down.
Zero trust requires context-based access, which cannot be implemented without thorough groundwork: above all, a complete understanding of the information assets within the organization.
Successful zero trust implementation depends on the following factors:
To do zero trust security, organizations have to embrace information governance and build an enterprise-wide data map as the foundation that informs the security posture. The sheer volume of users, data, devices, applications, etc. requires a good understanding of the following:
What kind of information exists within the corporation, with a detailed classification of what is critical and sensitive
Who created it, who owns it and who uses it
How it is being used (devices, type of usage, etc.)
The data map gives you a clear picture of where every piece of data is stored and helps answer the above questions. This can be a starting point from which an organization can start to protect data. Once you have a good understanding of your organization’s needs and where your most critical data is stored, access to the data can easily be restricted at each stage to only those who require it.
Map the Data Flows
The way data moves across a network determines how it should be protected. Thus, it is important to gain a detailed insight into your data flows both within and outside the organization. Documenting how specific resources interact and how the data moves between these resources will allow you to properly enforce appropriate controls.
A proper and complete understanding of your data and its flows will ensure the controls you have in place can actually help protect your data and not disrupt the business.
Identity and Access Management
Identity and access management is another critical aspect of the zero trust strategy. It helps answer the following questions:
User context (i.e., who is the user?)
Application context (i.e., the applications accessed by the user)
Device context (i.e., the devices used by the user: a corporate-owned device or a personal device)
Location and network context (i.e., where and from which network the user is trying to access this information)
Develop Risk-Based Approach to Authentication and Access Management
It will be much easier to architect zero trust networks with a good understanding of the data, how it flows, the people who access it, and for what purpose.
Once you understand the data, infrastructure, users, and the type of access required, it is possible to put controls in place to protect the data and the infrastructure with a relative degree of confidence.
It would be easier to create a micro-perimeter by deploying a segmentation gateway (next-generation firewall) to ensure only known, allowed traffic or legitimate users have access to the critical or sensitive data. In other words, design multiple layers of security around the more critical data.
As in Harry Potter, only the person who wishes to see it but not use it will get it. You can employ multiple layers of authentication to ensure protection at every stage. If an untrusted user tries to log in to the system, that user will face more hurdles or challenges before being authenticated into the network.
Harry Potter and the Sorcerer's Stone
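As an added illustration of the risk-based access decision described above (example code, not part of the original article or any vendor product): a small policy evaluator that takes the four contexts listed under Identity and Access Management (user, application, device, location/network) plus the data-map classification of the requested application, scores the risk, and returns allow, step-up (extra authentication hurdle) or deny. The risk weights, threshold, and sample requests are constructed assumptions.

```python
from dataclasses import dataclass
from enum import Enum

class Decision(Enum):
    ALLOW = "allow"
    STEP_UP = "step-up"   # grant only after an additional authentication challenge
    DENY = "deny"

@dataclass(frozen=True)
class AccessRequest:
    user: str
    primary_auth_ok: bool     # user context: password / SSO assertion verified
    mfa_ok: bool              # user context: second factor already satisfied
    app: str                  # application context
    sensitivity: str          # classification from the data map: public / internal / critical
    managed_device: bool      # device context: corporate-owned and compliant
    network: str              # location context: corporate / vpn / public

# Hypothetical weights; a real deployment tunes these from its own data map.
NETWORK_RISK = {"corporate": 0, "vpn": 1, "public": 2}
SENSITIVITY_RISK = {"public": 0, "internal": 1, "critical": 2}
STEP_UP_THRESHOLD = 2

def risk_score(req):
    score = NETWORK_RISK.get(req.network, 2)           # unknown network is treated as public
    score += SENSITIVITY_RISK.get(req.sensitivity, 2)  # unclassified data is treated as critical
    if not req.managed_device:
        score += 2
    return score

def decide(req):
    """Return (Decision, reasons) so every evaluation can be logged and analysed."""
    reasons = []
    if not req.primary_auth_ok:
        return Decision.DENY, ["primary authentication failed"]
    if req.sensitivity == "critical" and not req.managed_device:
        return Decision.DENY, ["critical data requires a managed device"]
    score = risk_score(req)
    reasons.append(f"risk score {score} for {req.user} -> {req.app}")
    if score >= STEP_UP_THRESHOLD and not req.mfa_ok:
        reasons.append("above threshold without second factor")
        return Decision.STEP_UP, reasons
    return Decision.ALLOW, reasons

# Constructed sample requests (not real users or systems).
WIKI_FROM_OFFICE = AccessRequest("alice", True, False, "intranet-wiki", "internal", True, "corporate")
PAYROLL_FROM_CAFE = AccessRequest("alice", True, False, "payroll", "critical", True, "public")
PAYROLL_BYOD = AccessRequest("bob", True, True, "payroll", "critical", False, "vpn")
```

The reasons list returned with each decision is what the monitoring and analytics step below would consume: every allow, step-up and deny is explainable from the contexts that produced it.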
Monitor and Log with Security Analytics
Advances in AI and machine learning capabilities have made it much easier for security teams to automate logging and monitoring. This helps to simplify the process of tracking and analyzing data. Continuous learning and analytics can help inform and improve the program on a regular basis.
Zero trust is a security model that does not let organizations trust anything by default and is rooted in the principle of “never trust, always verify”.
Cyberattacks are constantly evolving and these attacks are not going to stop anytime soon. In the event of a breach, zero trust security helps minimize the attack surface as it stops lateral movement across the network.
But adopting zero trust is not easy as it requires organizations to spend the time and effort to lay the groundwork and understand the data and how it's being used. Without this knowledge, adding a layer of security would end up just frustrating the users and disrupting the organizations' ability to do business.
Are we willing to do what it takes to improve the security posture? Do we have the time to understand what we have and why we use it? Do we have time for Information Governance?