With cyberattacks on the rise, is it time your business went zero-trust? Find out what a zero-trust architecture is and how it keeps critical data safe

Did you know that analysts estimate that by the end of next year, cyberattacks will have cost businesses over $6,000,000,000,000?

In 2020, a ransomware attack happens every 14 seconds. Half of the cyberattacks target small businesses and non-profits. What chance do they have when even huge companies with large security budgets like Target, Marriott, Under Armour, Equifax and more have fallen prey.

This has led many security experts to conclude that only a zero-trust architecture can prevent the seemingly inevitable.

Marius Nel, a cybersecurity specialist in Atlanta shares how you can establish your own zero-trust infrastructure.

What Is a Zero Trust Architecture?

The premise behind zero trust is that you never take anything for granted. You establish a policy of “Always verify first, then trust.” It involves zero trust tools like:

  • Network monitoring software
  • Vertical and horizontal data segmentation
  • User-access control
  • Layer 7 prevention

A zero trust architecture addresses three very modern problems in most businesses:

  • Too many people have access to too much data
  • Those who have access may log-in through many devices
  • You can’t see everything that’s going on in real-time. Applications, servers, databases and users are continually sharing information back and forth. It’s hard to home in a threat quickly because of so much traffic.

Who Developed the Zero Trust Security Philosophy?

We can’t take credit for it. Zero Trust was developed by John Kindervag, former vice president and principal analyst at Forrester Research. Big and trusted technology companies like Cisco have implemented Kindervag’s zero-trust strategy.

While Kindervag developed the strategy, it’s important to note that it’s not a one-size-fits-all security solution. Any business that wants to build a zero-trust framework should consider their unique business needs, security risks and capabilities to develop the best zero trust security strategy for them.

With that said, next, let’s take a look at some of the critical elements of zero trust technology.

Deploying a Zero Trust Security Strategy

Zero trust may seem cumbersome and expensive. But it doesn’t have to be if you take a systematic approach.

1. Identify your Protect Surface

Kindervag defines this as “what we need to protect” above all else. The smaller and more consolidated we can make these protect surfaces, the better.

A zero-trust system is willing to sacrifice the unimportant to focus efforts on protecting the vitally important.

This includes:

  • Data that could be stolen or held for ransom
  • Applications that have access to sensitive information
  • Assets that could be damaged in an attack
  • Services that an attack could disrupt

2. Map Transaction Flows

Visualize where data is moving from place to place. Data may move horizontally and vertically.

You’ve specific user interfaces where people can access that data.

3. Build a Zero Trust Architecture

This includes such zero trust strategies as:

  • Two-step verification
  • Partitioning of employee access
  • Limiting your protect surface as much as possible, so you have less surface area that needs the highest level of protection
  • Verify new devices on the network and limit devices through policy where you can without hurting workflow
  • Put all third-party apps through a rigorous review process by experienced cybersecurity professionals
  • Have the ability to stop the suspicious activity immediately, so its legitimacy can be verified

4. Create a Zero Trust Policy

Create a written policy. Educate both IT and the average employee about what zero trust is, why it’s in place and what they can do as users to help reinforce the zero trust architecture.

Make employees aware of common strategies hackers use to turn employees into pawns in a hack attempt.

Consistently enforce your policy.

5. Monitor and Improve

Use technology to gain visibility into the shadowy areas in the network. Monitor traffic. Deploy machine learning tools to help identify abnormal traffic or individual user volume or behavior.

Create reports and set up alerts so that cybersecurity personnel can both address concerns quickly and look for new areas of higher risk where patches in the system could improve security.

You May Also Like
5 Simple Steps to Getting Started in The Cloud 2 - Florida Independent
Read More

5 Simple Steps to Getting Started in The Cloud

All start-ups and small businesses have heard that the cloud is everywhere and can transform your business. But what is it and what can it do? Cloud-IT specialists Principal have the answers.

Confusingly, the cloud is used by providers, software sellers and businesses who want your money as a catch-all term for a variety of things. It can become quite complicated, but it doesn’t need to be.

The cloud is basically an on-demand storage or software resource that you can access immediately through the internet.

Tech giant IBM offers a handy definition of the various different types of cloud applications which is a good place to start. It’s likely that after reading that you’ll have more questions than you started with. To help, here are 5 simple steps to getting started in the cloud.

1. Pick your cloud

The first thing to clarify is, like the sky above, there isn’t one cloud – there are infinite numbers of potential clouds. As a business, you need to configure one that works for you.

As a small business you will want to focus on how the cloud can benefit you. For most, that’s likely to be moving certain data and applications to the cloud.

The first step is to analyse your data centre usage. This audit can identify your current software and storage requirements, enabling you to identify areas that could be better served in the cloud.

It’s important to recognise that to work any proposed move needs to improve efficiency and be cost-effective.

The bottom line is, if it won’t save you time or money, then think again.

2. Solid security

The cloud is as secure – if not more secure – than your own proprietary network, but you still need to be cautious.

Once you’ve identified the information and software you’d like to be hosted by the cloud then take the time to assess what this means for security.

The Data Protection Act and European Data Protection Regulation all have implications for how you manage and store data, and how you select your partners too – more on that below.

3. Simple strategy

Once you’ve done the groundwork, you can begin straight away. Microsoft, Adobe, SAP are just a couple of the huge names who have moved to providing software via the cloud. Dropbox is a leading name in cloud storage, but isn’t the only one.  All you need to do to get started in the cloud is get your credit card out and sign up.

If you do though, you could be making a mistake. According to tech bible ZDNet, what most cloud projects miss is a strategy – and we agree.

A solid cloud computing solution needs structure. This will help create a system that works for the organisation and your customer. It is also built with the future in mind, growing and developing as your business does.

4. Cloud culture

Your implementation strategy is important. Equally important is how your organisation embraces the cloud. It’s all about culture.

The cloud offers freedom to access information, work collaboratively, remotely and at all times of the day. But it comes with some new risks. These are particularly important to recognise as employees increasingly use their own devices for work.

Businesses need to develop working practices and approaches that are fit for the new world of the cloud. You’ll need to introduce new staff guidelines for document sharing and storage to help you and your employees work in a new way.

5. Provider or partner

If you’re tech minded it’s relatively easy to set-up a personal cloud, but you need to explore whether it’s the right approach for you.

Focusing solely on individual providers can leave you with a fragmented cloud system, with complex and inefficient interdependencies between different pieces of software from different providers.

In the end, you could end up paying for a system that far more complicated than the one it replaced.

One way of avoiding this is working with a partner who can help you configure a cloud solution that works for you. They can also take care of some of the security and access issues, helping you devise a strategy for success.

A successful transition to the cloud needs some thought and some planning, but genuinely does have the power to transform the way you work – increasing productivity, efficiency and profit.

Let's block ads! (Why?)