Adopting Zero Trust Strategy: What Enterprise IT Teams Need to Know

Enterprise IT has operated on trust all these years and paid the price for it. Costly breaches have been all too commonplace. The number one cause of most breaches has been the users: user carelessness, incompetence, and even rogue insiders top the root causes of major breaches.

Enterprises now seek to end such assumed trust. They fortify their networks through strict user and device authentication. The success of such a zero-trust model depends on the right architecture, technology, and products. This technology blog discusses five things enterprise IT needs to know before adopting a zero-trust strategy.

1. Use Identities to Control Access

Conventional IT security, with its VPNs and firewalls, focuses on the perimeter to keep intruders out. But with the cloud and remote work, such an approach has become obsolete. When almost all users access the network from outside, it becomes difficult to distinguish hackers from genuine users. When remote access uses unsecured endpoints and public networks, it becomes even more difficult.

The new zero-trust approach makes identity the new perimeter. Strong authentication systems validate the identity before allowing access to the resource. Identities include people, services, and IoT devices.

Here are the best practices for identity-based access management.

  • Replace passwords with multi-factor authentication. Passwords are a pain point for most users, and for all the hassle they cause, cybercriminals can crack them easily. Apply two or more verification factors instead. Secure these authentication factors with cryptographic key pairs, a private key and a public key.
  • Use a local gesture, such as biometrics, to unlock the private key.
  • Automate verification of the public key. If the user has to authenticate every five minutes, it soon gets cumbersome, to the point of being unable to work. Seek validation through other methods, such as checking the endpoint.
  • Provide role-based access, with the principle of least privileges. Grant access only for the specific resources needed to do the job, and nothing else.

Power tools, such as Armis, identify and secure all devices connected to the network, and eradicate blind spots. These tools offer 100% real-time asset inventory, with asset classification.

2. Focus on Continuous Authentication

The Zero Trust approach is “never trust, always verify.”

Zero trust assumes that users already in the network may be compromised. The network assumes breach and verifies each request as if it originates from an uncontrolled network. To get this right:

  • Apply continuous authentication to validate users, IoT things and devices. Monitoring tools raise triggers on detecting changes in the identity’s IP address or routine behaviour patterns.
  • Allow access based on real-time analytics.
  • Deploy network monitoring, and track applications for abnormal behaviour.
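The identity practices in section 1 (a private key unlocked on the device, automated public-key verification, least-privilege roles) and the per-request verification with an IP-change trigger described above, combined into one added example. This is illustrative Go written for this page, not code from the original post or from Armis; it uses the standard-library Ed25519 package, and the role names, resource names and IP addresses are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Identity is a registered principal (person, service or IoT device); the
// verifier stores only its public key, its role and the last source IP.
type Identity struct {
	PubKey ed25519.PublicKey
	Role   string
	LastIP string
}

// Constructed least-privilege policy (hypothetical roles and resources).
var rolePolicy = map[string]map[string]bool{
	"hr-analyst": {"hr-db": true},
	"iot-sensor": {"telemetry-api": true},
}
// NewChallenge returns a fresh nonce for the device to sign with the private
// key, which never leaves the device (a local gesture unlocks it there).
func NewChallenge() []byte {
	c := make([]byte, 32)
	rand.Read(c)
	return c
}
// Authorize checks one request as if it came from an uncontrolled network:
// signature over the challenge, then role policy, then an IP-change trigger.
func Authorize(id *Identity, challenge, sig []byte, resource, srcIP string) (bool, string) {
	if !ed25519.Verify(id.PubKey, challenge, sig) {
		return false, "bad signature"
	}
	if !rolePolicy[id.Role][resource] {
		return false, "role " + id.Role + " may not access " + resource
	}
	alert := "" // non-empty means "grant, but raise a trigger for monitoring"
	if id.LastIP != "" && id.LastIP != srcIP {
		alert = "ip changed " + id.LastIP + " -> " + srcIP
	}
	id.LastIP = srcIP
	return true, alert
}

func main() { // stand-alone demo with a freshly generated, constructed key pair
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	ch := NewChallenge()
	fmt.Println(Authorize(&Identity{PubKey: pub, Role: "hr-analyst"}, ch, ed25519.Sign(priv, ch), "hr-db", "10.0.0.5"))
}
```

A real deployment would also bind each challenge to a single use so a captured signature cannot be replayed, and would feed the alert into the monitoring pipeline rather than returning it to the caller.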

Armis is a handy tool for such situations. The tool tracks behaviour and connections and raises alarm on the first sign of anomalies.

3. Segment the Network and Applications

Today’s mobile-first and cloud-first environments allow hackers free access. If they gain entry, they can move laterally across the network. Network segmentation places controls that restrict the hacker’s reach and also enhance visibility.

The Zero Trust model applies user identification and device authentication throughout the network. It prevents specific users from accessing segments of the network they do not need. The model reduces the odds of hackers gaining access to critical data, even if they get into the network.

  • Undertake deep in-network micro-segmentation to contain threats. Apply granular policies enforced by role-based access to secure sensitive systems and data.
  • Use technology to discover shadow IT, and apply controls over it.
  • Ensure appropriate in-app permissions for enterprise apps.

Doing all this manually, or with a set of disparate tools, is hard work and ineffective. Armis automates critical threat detection and response and offers an integrated solution. All devices get a risk score. Real-time contextual threat intelligence makes gaps explicit. It also enables auto-segmentation and auto-implementation of risk-based policies.

4. Apply Uniform Policies across Devices and Endpoints

The Zero Trust model requires uniform security policies for all devices connected to the network. This includes applying the same corporate policies to employees’ personal devices as to a corporate laptop. The uniform policies extend to employee, contractor, partner, and guest devices. Likewise, uniform policies apply regardless of the endpoint: the security policies remain the same for PC, smartphone, tablet, wearable, or IoT devices. Nor does anything change if access is through the corporate network, a private network, or a public connection.

  • Review the security controls in place on the protect surface. Incorporate new tools as needed, and based on the policy.
  • Define roles and access controls for each user. Operationalize roles and tie them to the policy as part of the authorization.
  • Whitelist software and applications.
  • Keep the number of roles in check to prevent management issues later. Too many roles eventually lead to several accounts that are not updated. Such a scenario is the perfect breeding ground for breaches.

A common inclusion in any zero-trust model is monitoring and alerting tools. Armis offers critical threat detection and response capabilities. The tool tracks behaviour, highlights anomalies and takes prompt action. It integrates with incumbent workflows, making IT administration easy.

5. Adopt a Phased Implementation Approach

Zero trust is not a one-off security enhancement project. It is more a mindset, or a strategic decision, backed by the resources to carry it out. The journey toward Zero Trust is a long drive. Implementing everything in one go is difficult.

  • Prioritize based on business needs. Some enterprises start by implementing user identity and access management first. Others start with network or application segmentation. Regardless, success depends on adopting a holistic strategy. Take a phased approach towards implementing zero trust, with the defined strategy as the blueprint.
  • Avoid overkill. Zero trust requires more resources than conventional security approaches. Do a cost-benefit analysis and provision the resources upfront.
  • Monitor the network not only for security breaches but also for productivity. For instance, IT admins sometimes fail to update access rights when employees switch jobs. When such employees try to access new resources, the network monitoring tool identifies the anomalies.

Use security tools to get deep, granular insights into the devices and the protect surface. Armis enables real-time insights and triggers a fast and highly effective response.

The term “Zero Trust” first came into use in 2010, through Forrester Research. IT giants such as Google and Cisco adopted the model soon after. The model has withstood the test of time as an effective way to keep the network safe. But success depends on doing it the right way.
