The Zero-trust Model Explained
Traditional cyber-security protocols often can’t keep up with the rapidly evolving nature of modern workplaces. In particular, the complexity of hybrid work arrangements, the rising number of fully remote employees and the dramatic increase in the use of cloud-based systems may make traditional perimeter security ineffective. Fortunately, a new security model, known as “zero trust,” is needed to keep corporate networks safe.
Rather than trusting the identity and intentions of users within an organization, a data breach is presumed with every request under a zero-trust approach. Consequently, every access request must be authenticated and authorized as if it originated from an open network. As such, a zero-trust model can help reduce an organization’s attack surface area and prevent lateral movement—where attackers are able to move freely within the organization’s perimeter once access is gained. This is especially important, seeing as lateral movement was observed in 25% of all attacks, according to a recent global report by cloud computing company VMware.
Consider these tips for adopting a zero-trust approach in your organization:
- Define the attack surface. To adopt a zero-trust framework, your organization’s critical data, assets, applications and services must be identified. This critical information forms a “protect surface,” which is unique to every organization.
- Create a directory of assets. Determine where your sensitive information lives and who needs access to it. Additionally, understand how many user accounts your organization has and where these connect. Consider removing old accounts and enforcing mandatory password rotation measures.
- Adopt preventive measures. Give users the least amount of access necessary to do their work and use multifactor authentication to verify accounts. Also, establish micro-perimeters to act as border control within the system and prevent unauthorized lateral movement.
- Monitor continuously. Inspect, analyze and log all data and consider analytics to improve visibility and enhance defences. Further, ensure your organization swiftly escalates and stores logs with anomalous activity or suspicious traffic.
By adopting a zero-trust approach, your organization can significantly reduce the risk of becoming a cyberattack victim and better secure its network, applications and data.
Did you know that 60% of small and medium businesses don’t survive after a cyber attack? Protect your business with Cyber Insurance, call us at 780.424.2727 or click here to get a quote.