Traditional remote access technologies, like VPN, rely on antiquated trust principles where everyone outside of the network perimeter was “bad” and everyone inside was “good”. Moreover, when you connected via VPN you were then inside the network and “trusted”. This approach overlooked threats that managed to compromise the endpoint and get inside the network where the bad actors were then free to move around, accessing resources and high-value assets like customer data — or launching a ransomware attack.
So, what does Zero Trust look like in practice? Zero Trust promotes explicit policies, such as multi-factor authentication (MFA), which are informed by signals coming from users, devices, and networks, such as authentication received from a third-party app.
BUILDING ON AN EXISTING FOUNDATION
It’s important not to think of Zero Trust as one discrete technology. Rather, a Zero Trust architecture (ZTA) uses a variety of different technologies and principles to address common security challenges through preventive techniques. These technologies include identity verification, access control, resource protection, policy and orchestration, and monitoring and analytics. In a ZTA, many of these solutions are pulled together into single sign-on capabilities which make it easier for users to log on. In terms of access control, organisations often have all-to-all connectivity as a default mode. This default creates an environment where each device can exchange any data directly with every other device. However, organisations should instead consider establishing an environment where identities are individually verified and access is mediated, logged, and analysed to reduce vulnerability.
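The contrast described above, sketched as an added example that is not part of the original article: a perimeter check that trusts anything on the inside network, next to a default-deny decision that verifies identity, device and MFA per request and logs every outcome. The policy table, resource names, signal fields and function names are all assumptions made for illustration.

```python
import json
from dataclasses import dataclass

# Constructed policy: resource -> entitled groups. Anything not listed is denied.
POLICY = {
    "customer-db": {"groups": {"dba"}, "require_mfa": True},
    "wiki": {"groups": {"staff", "dba"}, "require_mfa": False},
}

@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset
    mfa_passed: bool        # user signal
    device_compliant: bool  # device signal
    network: str            # network signal: "corp" or "internet"
    resource: str

AUDIT_LOG = []  # every decision is recorded so it can be analysed later

def perimeter_decide(req):
    """Perimeter model: being inside the network is the only check."""
    return req.network == "corp"

def zero_trust_decide(req):
    """Mediate each request explicitly; the default outcome is deny."""
    rule = POLICY.get(req.resource)
    if rule is None:
        allowed, reason = False, "no policy for resource"
    elif not (req.groups & rule["groups"]):
        allowed, reason = False, "identity not entitled"
    elif not req.device_compliant:
        allowed, reason = False, "device not compliant"
    elif (rule["require_mfa"] or req.network != "corp") and not req.mfa_passed:
        allowed, reason = False, "mfa required"
    else:
        allowed, reason = True, "policy satisfied"
    AUDIT_LOG.append(json.dumps({"user": req.user, "resource": req.resource,
                                 "network": req.network, "allowed": allowed,
                                 "reason": reason}))
    return allowed, reason

# Constructed requests: a compromised endpoint already inside the network,
# and an entitled administrator connecting from outside with MFA.
INSIDE_ENDPOINT = Request("intern", frozenset({"staff"}), False, False, "corp", "customer-db")
REMOTE_DBA = Request("alice", frozenset({"dba"}), True, True, "internet", "customer-db")
```

The inside endpoint passes the perimeter check but is refused by the per-request decision, and both outcomes end up in the audit log.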
The first step of implementing a ZTA is to start with a maturity assessment to figure out where an organisation is and where it needs to be. However, most companies don’t have to start from scratch and can build on an existing infrastructure where a lot of the technologies that are needed to get to Zero Trust are already in place. In the case of data/resource protection, organisations would need to have data encryption (at rest and in transit), data classification, data asset classification and sensitivity analysis, data leakage prevention (DLP), and file integrity monitoring (FIM).
The Advanced hack exposes the vulnerability of our critical services to attacks. The disruption will likely have a longstanding impact. The build-up of huge volumes of medical paperwork and backlogs will likely take months to process. Unfortunately, in today’s climate, it’s not a case of “if” but “when” ransomware attack attempts will occur. With a Zero Trust model, companies are able to stay protected from online dangers as they build resiliency into their networks. By implementing authentication and segmentation rules, as well as carefully monitoring all network activities, companies can arm themselves with the right tools against ransomware and other emerging threats.