This past year was one like no other. Masks became the new fashion norm, workers traded office life for remote work, and video meetings became our main vessel for communicating with one another. While the world was busy fighting one issue, another swiftly arose. Cyber crime is on the rise across the globe. According to the F.B.I. in 2020 internet and cybercrime complaints rose to 791,790 up 69% from just 467,361 complains the year before. Coincidently the revenue lost due to cybercrime also soared going from $3.5 billion lost in 2019, to $4.2 billion in 2020. This rise in cybercrime and cyber attacks has led information technology professionals to discuss how best to combat this issue, their answer? Zero Trust Security.
What is Zero Trust?
Trust nothing, verify everything, and assume a breach has already occurred. These are the main principles of Zero Trust Security that outline how an organization should view their security posture. First, there should be no default trust permissions within the secured environment. Pretend that every device is facing the internet and can be used as a potential attack vector. The next step is to always require verification for every device/user across the network. When someone remotely access the network from their mobile device, treat them as though this is their first time ever signing on. Make sure that this process is repeated when they try to pivot to a separate part of the network. Just because someone has access to files for one department, does not mean they should have access to other sections. Finally, always assume the worst. Organizations should operate as though they have already been breached, further securing credentials and access to sensitive information to only users who have the express permissions to access them.
While the Zero Trust Security model is relatively new, it has already begun to impact the way companies look to defend their networks. Netizen COO, Akhil Handa, recently had this to say on the matter “ Zero Trust is changing the way companies are looking at Cybersecurity and has really come to the forefront during this time where the work force is shifting to remote. Zero Trust revolves around the methodology that requires organizations to implement strict verification processes for people and devices connections prior to giving them access to the network and data. Organizations are now turning to Zero Trust security rather than just spending money defending the perimeter.”
The Pillars of Zero Trust Security:
The Zero Trust Security Model consists of six main pillars of security. The first of these pillars is users or workforce security. This pillar revolves around the overarching need to ensure that users have the correct permissions and are authenticated each time they access the network. With Zero Trust, we make sure that users only have access to the information that they need and their accounts cannot be used to access further systems. The next pillar focuses on device security. Every device should be treated as a potential threat vector under Zero Trust security. These devices have their access granted on a per-session basis and have no shared credentials or trust permissions. Following device security, the next pillar is network security. This pillar revolves around the need for micro-segmentation of the network to reduce the risk of an outside attacker being able to pivot across the network to multiple resources. Companies can look to create multiple inspection points across their network to help reduce any suspicious lateral movement.
The next pillar is workload security which refers to the applications, digital processes, and public and private IT resources used by an organization for operational purposes. Security is wrapped around each workload to prevent data collection, unauthorized access, or tampering with sensitive apps and services. The next pillar is data security which entails properly categorizing data. Once categorized, the data can be isolated where only the individuals that need the data can access it. This section also includes where the data should be stored and any encryption processes. The final pillar of Zero Trust Security is analytics. This last pillar deals with the continuous monitoring of the micro-perimeters we have set up throughout the environment and the tracking of log data to find any indicators of a breach.
How to get started:
Netizen CEO, Michael Hawkins, had this to say for companies looking to get started on Zero Trust. “The first step is identifying what adoption means for your organization, does Zero Trust fit into your current risk profile and operational capabilities (ability to support). For example, Zero Trust relies heavily on things like identify management, asset management, network segmentation, and threat intelligence, which are skillsets that many businesses would not have in-house. Also, as a relatively new concept, there are still many emerging ideas and products out in the market and standards are still being formalized. So, to surmise, the first step would be assessing whether Zero Trust is right for your organization given the capabilities of your organization and other factors. After this, identification of processes and tools necessary for successful implementation would be next, along with documenting current and to-be network topologies and creating a plan that is incremental enough so as not to overwhelm existing staff.
How Can Netizen Help?
Netizen ensures that security gets built-in and not bolted-on. Providing advanced solutions to protect critical IT infrastructure such as the popular “CISO-as-a-Service” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.
We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type.
Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.
Netizen is an ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans.
Questions or concerns? Feel free to reach out to us any time – https://www.netizen.net/contact
