Why implementing zero trust is more important than ever



Five Worthy Readings is a regular column on five remarkable things we discovered in our research on trending and timeless topics. This week, we explore why organizations should implement Zero Trust in 2021.

In 2010, John Kindervag introduced the concept of “Zero Trust” which has become a touchstone for cyber resilience and persistent security. Zero Trust is not a security product, architecture or technology. It is a strategy or set of principles defining how to approach security; it defines the assumptions behind what we do. The basic principle of Zero Trust is “Never trust, always verify!” No matter what device, user, system, or location, whether indoors or outdoors, the organization’s security perimeter should not be trusted.

A Zero Trust strategy involves three things:

  • Always authenticate and authorize.

  • Apply the principle of least privilege.

  • Monitor and adapt constantly.

As the name suggests, nothing should be trustworthy and everything should be checked. Principles such as last privilege access, micro-segmentation of networks with different credentials, monitoring of data usage, and real-time continuous validation can help organizations mitigate unavoidable intrusions into organizations. networks.

COVID-19 has fostered a culture of remote working which has, in turn, led to the rapid adoption of a hybrid work environment. Employees are no longer linked to inherited perimeters. The use of the cloud and the accelerated adoption of remote work scenarios have increased the threat landscape and paved the way for more vulnerabilities and complexities in infrastructure. With this change, the security model of every organization must change. When a person requests access to data, the organization must decide whether to grant or restrict access by determining who, when, where, why, and how. Zero Trust enables businesses to operate more efficiently by providing better visibility, granular level access to users, and also helps revoke access to any resource at any time.

Here are five great reads on the Zero Trust Architecture and why all organizations should consider implementing it.

1. Zero Trust is not a security solution; It’s a strategy

Zero Trust is not a product or a platform, it is a framework of security. Zero Trust eXtended (ZTX) is an ecosystem with technological and non-technological elements that takes into consideration other areas, such as Identity and Access Management (IAM) and Privileged Access Management (PAM) among others. The implementation of the Zero Trust security strategy should be a tool to enable digital transformation and always balance the security of the organization and the employee experience.

2. Zero Trust Architecture and Solutions

ZTNA is an identity-based security model that creates an identity, context-based and logical access perimeter, eliminating the distinction between being on and outside the corporate perimeter. ZTNA assumes that all internal and external networks are unreliable, where access is provided only after intent and identity verification. It also helps identify unusual and malicious behavior by reporting attempts to access restricted resources and attempts to download massive amounts of data. This research indicates that by 2022, 80% of new digital business applications will be accessible through ZTNA and, by 2023, 60% of companies will phase out most of their remote access VPNs, promoting the Zero Trust model. .

3. Why should you implement zero trust security in 2021

This pandemic-induced remote working culture has led to an increase in the number of endpoints, including employee personal devices, that access organizational data. Thus, securing changes in operations for the livelihood of businesses has become more crucial than ever. A zero trust security strategy relies on identity and access management, endpoint control management, and an effective security monitoring capability. Organizations are now turning to security orchestration automation and response, which can effectively reduce response time and the burden of repetitive tasks by automating identified vulnerabilities and implementing pre-defined workflows.

4. 5 tips for implementing a zero trust model

An organization implementing Zero Trust must first identify its users and devices that connect or attempt to connect to your network with an IAM solution. Each piece of data must be classified and through micro-segmentation, organizations can define access controls for data, applications and services. Networks should be continuously monitored and organizations should assess trust whenever a new device requests access to its endpoints.

5. Why a zero trust policy is important for remote businesses and cybersecurity effectiveness

With the rise of the remote work culture comes new cybersecurity challenges that translate into less control over organizational resources and increased risk of data breaches. It is therefore more important than ever to approach cybersecurity from a risk-based perspective. The Zero Trust model applies the principle of least privilege which ensures that no one has access to data and resources more than they really need. This model not only verifies the device, but also the identity; authentication is adaptive, contextual and risk-based.

Humans are not the weak link; they are the main vector of attack, which is a compelling reason why access to data should be restricted as much as possible. Implementing the Zero Trust security strategy takes months of hard work with hours of monitoring and management, but it’s worth it as it serves as a blueprint for the future of cybersecurity.

The post Why Zero Trust Implementation Is More Important Than Ever appeared first on the ManageEngine blog.

*** This is a syndicated Security Bloggers Network blog from ManageEngine Blog written by Sree Ram. Read the original post at: https://blogs.manageengine.com/corporate/manageengine/2021/07/23/why-implementing-zero-trust-is-more-important-than-ever-before.html



About Author

Leave A Reply