The first six months of 2019 saw more than 3,800 publicly disclosed breaches, which exposed 4.1 billion records, according to a study. While there are many possible solutions to mitigate data breaches such as threat monitoring and employee training, security issues still occur, and cybercriminals continue to gain access to confidential company data. This is why zero trust security is becoming a popular choice among businesses today.
What is zero trust security?
Introduced in 2010 by John Kindervag, zero trust security holds that organizations should not trust anything either inside or outside their perimeters, and that everything trying to connect to their systems must be verified before being granted access.
Insider threats shouldn’t be ignored
Insider threats play a large part in zero trust security. These typically include employees who fall for online scams and cyberattacks such as malware and phishing, as well as disgruntled current or former staffers looking to sabotage your operations for professional and financial gain.
According to the 2019 Verizon Data Breach Investigations Report (DBIR), 34% of all breaches were the result of insiders. More companies are realizing that existing security approaches aren’t enough: some employees will still find ways around certain policies, and once they have access inside the company’s systems, they can easily steal or modify data.
One of the biggest problems with companies’ current security policies is that too much runs openly with too many default connections, and IT administrators trust employees too much.
The six tenets of zero trust security
The zero trust security model isn’t about acquiring a specific technology solution. Instead, it rethinks how networks are configured, how executives approach security, and how rank-and-file employees behave at work.
This model’s mantra is “never trust, always verify, enforce least privilege”. Building a zero trust network requires organizations to apply the strictest access privileges, as explained by its six tenets:
#1. Verify who
Many companies implement multifactor authentication (MFA), which requires users to present two or more pieces of evidence to prove their identity and gain access to a network. With zero trust, MFA is applied everywhere within the network, not just at the entrance. Verifying identities includes not just people but also workloads, services, and machines. And when an employee resigns or a service is no longer in use, their network identity is immediately disabled.
Let’s say an employee logs in to your system at the start of their shift. If they want to access a portion of your system that contains sensitive files, they must verify their identity again to prove that they are the one requesting the data. This reduces the chance of unauthorized parties stealing your confidential data.
#2. Contextualize request
Your database administrator (DBA) should not have default access privileges to all databases. They should only be able to access the ones that they need for work on a certain day. That way, in case the DBA’s login credentials are compromised, the attack surface is limited, and hackers cannot access other parts of your system.
It’s important to understand the context behind a request for access, and to review and approve the request based on the reason provided. The context typically includes why the requester wants access and for how long. The request must then be routed for approval.
#3. Secure admin environment
Workstations that are connected to the internet and email should not have direct access to internal servers, so that malware and other threats reaching those workstations cannot spread to the servers. Access should only be granted through jump servers: proxy servers or hardened computers that act as intermediaries between the secure internal network and the untrusted external environment.
#4. Grant least privilege
The concept of least privilege is something that we commonly see. When it comes to your office’s physical access system, different levels of users get access rights, and employees need to request access to certain areas. The same principle applies to your IT security. Ensure that employees are only granted access to sections of your infrastructure that they need for their tasks, and if they need to access data beyond their scope of work, they have to request access to it.
Granting the least privilege to employees is helpful in preventing cyberthreats from penetrating deeper into your entire system. For instance, an employee whose job is to enter info into a database only needs the ability to add records to the database. If malware infects their system, the malicious attack is limited to that computer. And when a user is done with a task or project, their access privileges are revoked.
#5. Audit everything
Make sure to document all actions performed within your network so that it is easy to pinpoint who was responsible for a problem or to trace it through forensic analysis. This can be done through closed-circuit television cameras (CCTVs) or auditing software. For instance, if your IT infrastructure experienced a distributed denial-of-service (DDoS) attack, you can check your audit records to see which of your employees was responsible for, or allowed, the incident.
#6. Adaptive control
A business’s verification process shouldn’t be one-size-fits-all. The level of verification should depend on the amount of risk present and the identity of the person or machine.
Algorithms can check where an access request is coming from and analyze a user’s behavior. If the AI deems a request to be coming from a potentially dangerous source, it will require stronger access verification. If the request was anomalous from the start, a security alert is triggered.
Organizations can also adjust their security at regular intervals. For instance, an organization may have one security policy enforced during business hours and a more restrictive one after hours.
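As an added example that is not part of the original article, here is a small policy decision point in Python that ties tenets #1, #2, #4, #5 and #6 together: a request is refused if it falls outside the role’s scope or looks anomalous, re-verification is demanded whenever the context (untrusted network, after hours, sensitive resource) raises the risk, a stricter rule applies after hours, and every decision is written to an audit record. All role names, resources, network ranges and thresholds are constructed for the example.

```python
from dataclasses import dataclass

# Constructed sample policy (assumed names, not from the original article): what each
# role may reach, which resources are sensitive and which networks are trusted.
ROLE_SCOPE = {"dba": {"orders_db", "hr_db"}, "data_entry": {"orders_db"}}
SENSITIVE = {"hr_db"}
TRUSTED_PREFIXES = ("10.0.",)        # the office network
BUSINESS_HOURS = range(8, 18)        # 08:00-17:59 local time
ANOMALY_ALERT_THRESHOLD = 0.8
AUDIT_LOG = []                       # tenet #5: every decision is recorded here

@dataclass
class AccessRequest:
    user: str
    role: str
    resource: str
    source_ip: str
    hour: int                        # local hour of the request, 0-23
    mfa_verified: bool = False       # did the user re-verify identity for this request?
    anomaly_score: float = 0.0       # 0.0 = normal behaviour .. 1.0 = highly anomalous

def evaluate(req: AccessRequest) -> str:
    """Return 'allow', 'step_up' (re-verify identity first) or 'deny'."""
    # Tenet #4: least privilege. Anything outside the role's scope is refused outright.
    if req.resource not in ROLE_SCOPE.get(req.role, set()):
        return _record(req, "deny", ["outside role scope"])
    # Tenet #6: a request that is anomalous from the start is refused and flagged.
    if req.anomaly_score >= ANOMALY_ALERT_THRESHOLD:
        return _record(req, "deny", ["anomalous behaviour, alert raised"])
    # Tenets #2 and #6: context that raises the verification bar.
    risk = []
    if not req.source_ip.startswith(TRUSTED_PREFIXES):
        risk.append("untrusted network")
    if req.hour not in BUSINESS_HOURS:
        risk.append("after hours")
    if req.resource in SENSITIVE:
        risk.append("sensitive resource")
    # Stricter after-hours policy: sensitive data from an untrusted network is refused.
    if {"after hours", "untrusted network", "sensitive resource"} <= set(risk):
        return _record(req, "deny", risk)
    # Tenet #1: verify again whenever any risk factor is present, not just at the door.
    if risk and not req.mfa_verified:
        return _record(req, "step_up", risk)
    return _record(req, "allow", risk)

def _record(req: AccessRequest, decision: str, reasons: list) -> str:
    AUDIT_LOG.append({"user": req.user, "role": req.role, "resource": req.resource,
                      "source": req.source_ip, "hour": req.hour,
                      "decision": decision, "reasons": reasons})
    return decision
```

In a real deployment the anomaly score would come from the behavioral analytics the article mentions and the audit records would go to a tamper-resistant log store rather than an in-memory list.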
When it comes to network security, no one knows better than Binatech. Our comprehensive solutions will ensure that your data is protected 24/7/365 from cyberthreats like malware, hacker attacks, and unauthorized access. We can help you implement an effective zero trust security policy for maximum data protection. Drop us a line today to learn more.