So what exactly is Zero Trust and why is it important?
Simply put it is a security model that will help increase network security. It is important because of the multitude of devices that are connecting to your network are likely not owned by your company. Tina Gravel, senior vice president of Global Channels and Alliances for Cyxtera Technologies commented about IoT – (Internet of Things), “IoT is great, but you’re going to have 40,000 more things to attack on your network than you had before IoT, increasing your attack surface exponentially,”
Zero trust, a term originally coined by John Kindervag, means what it says: don’t trust anyone who is accessing your network. Generally you need to keep your data secure and if you come from the position that everyone who is trying to connect to your systems is up to no good then you are in a position of power to enable a secure network strategy. This does not mean that all of your employees are out to get you but you would likely be surprised at how many are. “We’re trusting our end users way too much,” Gravel said. “A system that is managed via a zero trust model reviews the user in finite, contextual ways to ensure they are who we think they are.”
By simply setting Zero Trust security up on your network properly, it will make contextual inquiries about the end user such as
- What are you trying to access?
- Are you in the right department to be accessing these assets from the cloud?
- Do you have the right permissions?
- Are you in the correct network space?
These are only examples but you get the picture. While this does not mean that a hacker cannot access your assets it will at least make it more difficult for them as well as helping to keep your employees on track and doing the right things.
While no system is secure and hacker proof, implementing solid security measures such as Zero Trust you are on your way to a more secure environment. Remember, hackers like all humans are lazy. If your neighbors house(system) is easier to access than yours what do you think they will focus on? By doing what you can and enforcing policy you can make your system more resistant and bothersome to the bad guys who want your data and money.
Bottom line. You have to know what you want. What are you trying to protect? Where does it exist? Who does have access to it? who SHOULD have access to it and who SHOULD NOT? With this information in hand you can properly assess your position and create a plan to implement a workable solution. But remember, you must create employee buy in or your best efforts will only fail.
Get in touch so we can work out a solution that is right for your business to keep it running.