• 07948 570815
  • This email address is being protected from spambots. You need JavaScript enabled to view it.
Zero Trust: Better to be safe than sorry

Zero Trust: Better to be safe than sorry

Data breaches are all too common these days and when they hit the news no one is surprised. 

However, it does reinforce the message that protecting data and knowing exactly who has access to it and when is fundamental.

Especially in light of GDPR regulations, as a spotlight is starting to be shone on the businesses that are not compliant and fines too. So how can organisations implement a policy that will enable them to do just that?

The challenge is that cyberattacks often come in all shapes and sizes, but there is an astonishing number of data breaches that are still accomplished through misuse of privileges. Organisations need to have visibility of not only all the data and where it is stored, but who has access – from employees and contractors through to third party suppliers. Applying a Zero Trust model will enable organisations to take steps to achieve this.

No one is trusted implicitly when it comes to identity, access and data with Zero Trust. In terms of cybersecurity, organisations should trust no one to have full and complete access to all the company data, no matter how who they are. That’s not to say, of course, that users should never be granted privileged access to network resources as that would be unworkable, but a security scheme should be in place, which constantly requires users to not only prove who they are, but also to prove that they have both the need and authorisation to access sensitive resources before entry is granted. Other security paradigms have, to date, assumed that activity is legitimate until proven otherwise: but it’s better to be safe, than sorry.

With a holistic Zero Trust system, the assumption is that no activity is legitimate by default. Everything requires proof to the contrary before allowing privileged access to sensitive resources. Zero Trust demands equal opportunity verification of credentials, identity, and permissions. It’s important to note that Zero Trust does not assume that all users are bad actors; rather, it simply requires that “proof positive” be provided to confirm that the access is authorised.

business dataAlso see: Is your business data protected?

Every business wants to do well and in today’s changing landscape maintaining competitiveness and profitability is tougher than ever before. Everyone you work with is a potential security risk: from employees, partners, vendors, suppliers and subcontractors. Even if they do not know it. The reality is that no organisation whether large or small is immune to data breaches. And every sector from finance and government through to manufacturing and retail needs to safeguard data. No organisation wants to be next in the headlines with a data breach which could cost millions, let alone the lost credibility and impact reputation.

The risk from this type of data breach is increasing, with the latest Verizon Data Breach Investigations Report confirming the breadth of the problem, showing an increase in privileged misuse. While in some cases this can be deliberate with employees causing harm, privileged credentials can also be unknowingly stolen by cyber criminals – meaning even the most trusted employees can cause harm, for example by simply clicking on a malicious link. Looking back at Capital One data breach, it was a misconfigured firewall which allowed hackers to steal the details of privileged users, giving them access to bank account numbers, social security numbers and credit card applications. With a Zero Trust model this threat can be eliminated.

Unfortunately, the threat from privileged misuse is not going away anytime soon, and with the transition to remote working increasingly hugely almost overnight due to the pandemic, the threat will have only heightened. We are already seeing industry reports confirm a rise in cyber-attacks, and with users working remotely, new employees starting virtually, furlough schedules and contract workers filling any gaps, it is imperative organisations maintain data security. Not deploying Zero Trust measures could have very real implications, like a remote employee not using a secure connection or an unapproved memory stick which accidentally invites malware into the system.

Through a Zero Trust model organisations can combat the threat of both external and insider threats, not only safeguarding the business from financial and reputational damage but giving employees peace of mind to continue to work freely without the worry that they will unknowingly cause damage.

home worker2Also see: IT security professionals and trust in remote workers

With a privileged access management platform that follows the Zero Trust model, organisations will not only be able to verify access based on the user, but security can be bolstered also taking into consideration other requirements such as the time of day and location of the user – flagging any red herrings. This allows organisations to create their own filters, giving employees the freedom to continue working, with access to the data they need, when they need it, but under an added security net.

Simply giving all users full access to data is negligent and cyber criminals will look for ways to exploit this. Organisations are now accountable and have a duty to protect customer data, if there was a data breach and your business was culpable for the breach GDPR fines may be applied. So it is imperative businesses start to bolster their security against privileged misuse.

Newsletter


More From Our Blog