Zero Trust Approach for a robust cyber security posture

The pace of migrating workloads and applications to cloud environments has increased. So has the number of people working and accessing these networks remotely. Add to this the IoT devices and we are talking about multiple entry points to the network and an expansion of the attack surface that make for an attractive proposition for the cyber criminals lurking around.

According to IBM, it is estimated that on average a data breach costs a business about $4 millions—and this does not include spending on remediation, clean up, customer churn or losses to the brand reputation. Therefore, businesses are obliged to deploy mechanisms that authenticate the users and only allow access to the people, who are authorized.

Protect the network from internal threats, too

The traditional cyber security approaches focus on external threats, with IT teams using firewalls to secure the network perimeter. However, if this perimeter is breached and a cyber criminal is able to break into the network, the complete network is at risk as this cyber criminal can traverse the entire network unhindered and exploit it at will. In case, the perpetrator is internal, the losses can be unimaginable.

So far, the focus of attention has been to ward off external threats. In the process, businesses often tend to overlook the internal threats that can prove hazardous. For a truly robust cyber security posture, businesses must plug-in as many loopholes as possible—whether external or internal. No user must be allowed to get away with any attempt to endanger or exploit the network in any manner.

Further, in complicated network systems of today, where resources are spread across clouds and are accessed using smartphones and other smart devices, no single security check can suffice for overall security. Therefore, instead of solely focusing on securing the network perimeter, the need is to restrict access only to authorized users.

Never trust, always verify

Zero trust access is becoming a hot topic of discussion and is believed to provide businesses with identity-centric measures that help restrict the attack surface, and therefore the threats. As part of the zero-trust access approach, access to the network resources is privileged and made available only after strong authentication. As part of this approach, organizations must verify every entity—user or a device—that tries to access the network resources—whether from within the network or from outside.

Also known as the 'never trust, always verify' concept introduced by Forrester Research, the approach gained popularity with Google implementing the approach to its network. It is also known as Continuous Adaptive Risk and Trust Assessment (CARTA) as proposed by Gartner.

Every user or device must be verified

As part of the zero-trust approach, it is presumed that attacks can originate internally as well. Therefore, every user or machine needs to verify itself to gain access. This is achieved through micro-segmentation or categorization of network resources into sub-networks or zones. Only users who are authorized to access a certain zone can gain access, albeit after duly authenticating themselves. For instance, a person from the marketing team will not have access to the HR zone and vice versa.

Common methods that are used to verify users include multi-factor authentication (MFA), two-factor authentication (2FA), and one-time-password (OTP) in addition to continuous monitoring for all the users and devices trying to access the network.

Also, users are granted the least privilege to ensure the users are allowed only the minimum access as may be required. Further, rendering the resources dark, makes them invisible and reduces the attack surface, thereby, protecting the business assets from unnecessary exposure.

The article has been written by Neetu Katyal, Content and Marketing Consultant

She can be reached on LinkedIn.