When it comes to security, it pays to have Zero Trust
Following a rapid shift towards remote working and accelerated cloud adoption, businesses are dealing with numerous challenges to support suddenly distributed teams. Security teams face the greatest challenge of all: keeping company data secure and preventing unauthorised access to accounts from a distance.
Our research of cyber security professionals found that only 34% of security professionals felt they were very prepared to support employees working from home securely.
With teams dispersed from the safety of the organisation’s network, the traditional perimeter is no more. Security teams have considerably less visibility and control leaving businesses more vulnerable against a range of threats.
As cloud adoption has risen, cyber attacks have grown by a staggering 50%, evidence that criminals are keen to take advantage of this changing environment while businesses try to adapt. Now, a combination of identity and context will effectively become the new perimeter as traditional enterprise firewalls become less and less relevant.
Organisations need to adapt and develop a zero trust stance on security.
What is Zero Trust?
Zero Trust is a security model that requires strict identity verification for every person and device trying to access resources, regardless of their location -whether you’re working from home or sitting within the network perimeter.
A Zero Trust approach may seem like an extreme one to take. However, it is vital in today’s cyber security landscape, where network threats are simply no longer external.
This added layer of protection is vital in data breach prevention, and associated costs that come with it.
Why is Zero Trust important?
In order to get things accomplished, trust must ultimately be extended so it can be continuously assessed for appropriate levels of risk.
Focused on resource protection, it is the premise that trust is never granted implicitly but must be continually evaluated. The security ecosystem should adapt to changes in risk accordingly.
The whole concept of Zero Trust becomes even more relevant now that people are working out of bedrooms and kitchens. Up to now, network security has been built on TCP/IP, which was designed at a time when trust could be assumed under much easier and controlled conditions.
Unfortunately, this unwarranted implicit trust has led to excessive latent risk, particularly as IP addresses are weak identifiers and can leave organisations vulnerable. This vastly increases the risk of Account Takeover (ATO), which is already a major concern with remote working and can have a huge impact on organisations both financially and in terms of reputation.
Trust no one; protect everyone
Implementing Zero Trust Network Access (ZTNA) allows IT teams to verify and assess risk continuously. Whereas the old model was based on ‘connect then authenticate’ with ZTNA this is turned on its head and becomes ‘authenticate then connect’.
With employees working remotely from a wide range of locations, it is more important than ever to consider the context around the authentication request. Businesses can do this by:
- Reducing risk: Implementing adaptive Multi-Factor Authentication (MFA) in the first instance. Not only does this help to reduce the risk from poor employee password hygiene, including reuse of passwords across multiple services, but also takes context into account – such as device, network location, and geolocation – when making the decision to allow or block access.
- Contextualising the information: Once the user is identified and authenticated, they are connected to the services they are entitled to, based on all available contextual data.
Beyond this, the adoption of Zero Trust Network Access will drive the death of the VPN.
Currently, in order to protect mobile devices, organisations need to use a VPN to ensure that these devices remain protected. By implementing ZTNA, businesses can enable access whilst authenticating first to an intermediary layer (the ZTNA controller) before connecting to applications and associated data.
With context and identity now forming the new perimeter, businesses need to adopt technology that not only keeps the environment secure, but also delivers the best possible (remote) user experience.
On the journey to Secure Access Service Edge (SASE) the first stop for many organisations will be ZTNA. While not all organisations will need every element of either ZTNA or SASE it’s important to map out the route to SASE now, to ensure that technology decisions made today do not cut off the most effective and efficient paths to SASE in the future.
Stay tuned to find out how Censornet are committed to supporting your journey to SASE, first stop Zero Trust Network Access, and where we are heading even beyond that. To a world where Security is decoupled and policy is set once, centrally and then enforced seamlessly wherever it needs to be.