Friday 1st November 2024
Marketing Myth or Strategic Superhero?
Whatever your views about Zero Trust, we shouldn’t deny the logic and benefits behind a holistic, multi-layered approach to cyber security. Zero Trust has been spoken about for over a decade, after it was coined (in the context of cyber security) by Forrester analyst John Kindervag. Since then, the stories told around adopting a Zero Trust model have been adapted and moulded to suit the storyteller. So how do we cut through the noise and seek to understand the benefits a Zero Trust model can bring to our organisations?
In this blog, we’ll break down Zero Trust into its component principles, of which there are three. We’ll also peek under the hood at some of the technology areas at play that integrate to form a Zero Trust architecture.
Before Zero Trust was a thing, or more broadly, before we really started to break down walls between cyber security companies and integrate solutions together, we were dealing with disparate systems. When I first started in cyber security, the fact that we had so many different cyber security companies at the bleeding edge of threat intelligence… not sharing that intelligence or using it to inform decision-making of other security tools, baffled me!
On top of this, having many disparate systems within a single organisation leads to technology bloat and systems management overhead (and headaches). As well as the challenge of simply having a multitude of systems to manage, the team also has to become skilled in managing each of these tools. Not a good look when we’re simultaneously tackling a severe cyber security skills gap (more about this in another journal entry below).
All of this adds up to a broader attack surface, driven by the widespread increase in the number of technologies in use, rapid adoption of cloud and SaaS applications, and a lack of resources to confidently manage this growing risk.
In looking to address these challenges, my recommendation is to adopt the three key principles of Zero Trust (whether you label it as such, or not). Let’s look at these in some detail:
Paraphrasing John Kindervag, we must treat all network traffic as untrusted by default. That is, we must verify a source before granting it any assumed trust. A source can be anything coming into your network, be it an application, data, an endpoint device or a user.
In seeking to verify every source, we can consider tools that broker trust, such as MFA, certificate-based authentication, and even physical security measures such as ID cards or biometrics, particularly when our users are part of the equation.
It is an uncomfortable position for a lot of us to consider, but these days it is far safer to assume you have already been breached or will be breached in the future. No organisation is impenetrable, so it’s not a matter of if you will be breached, but when.
To follow this principle, we need to have tools in place that will not only protect us from attacks but help deepen our understanding of how and why we were attacked. A good example of technology that seeks to do this is in the Endpoint Security space, where EDR (Endpoint Detection & Response) technology aims to provide clarity on the point of entry of an attack, as well as every action the attacker took before triggering an alert and (ideally) being blocked. By providing this ability to triage an attack, we can evaluate our strategy and shore up defences to strengthen our security posture in the future.
In addition, it is best practice to consider the possibility that an attacker is already lying in wait in your environment. This is another factor that EDR tools can help uncover and provide foresight before an attacker can do any damage.
A cornerstone of Zero Trust is removing all standing privileges where they exist and adopting a JIT (just-in-time) approach to privilege elevation. I wrote more on this subject in a previous Cyber Journal Entry on Human Risk Management.
This principle must apply to machines (system accounts, app-to-app, etc.) as much as to human users. By restricting standing privileges and implementing workflows and controls that limit a user’s ability to abuse any level of privilege, we’re also removing the target from their back that malicious actors would otherwise look to take advantage of.
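To make the JIT idea concrete, here is an added illustration (not code from this blog or from Bytes) of a minimal privilege broker: no principal, human or machine, holds a role permanently; every grant needs a justification and a separate approver, is capped at a short TTL, and simply lapses when the clock passes its expiry. Role names, the TTL cap and the approver are constructed assumptions.

```python
"""Just-in-time (JIT) privilege elevation with no standing privileges.

Added illustration only; role names, TTLs and approvers are constructed.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone


@dataclass
class Grant:
    principal: str          # human user or machine identity (e.g. a service account)
    role: str               # the elevated role being granted, e.g. "db-admin"
    expires_at: datetime    # hard expiry; a fresh request is needed to continue
    approved_by: str


@dataclass
class JitBroker:
    max_ttl: timedelta = timedelta(hours=1)           # nothing is granted for longer
    grants: list = field(default_factory=list)        # currently live grants
    audit: list = field(default_factory=list)         # who got what, why, and who approved

    def request(self, principal, role, reason, approver, ttl, now=None):
        """Create a time-bounded grant; refuses self-approval and empty justifications."""
        now = now or datetime.now(timezone.utc)
        if approver == principal:
            raise PermissionError("self-approval is not allowed")
        if not reason.strip():
            raise ValueError("a justification is required")
        ttl = min(ttl, self.max_ttl)                   # cap every grant at the policy maximum
        grant = Grant(principal, role, now + ttl, approver)
        self.grants.append(grant)
        self.audit.append((now, principal, role, reason, approver))
        return grant

    def has_role(self, principal, role, now=None):
        """True only while a live, unexpired grant exists for this principal and role."""
        now = now or datetime.now(timezone.utc)
        # Expired grants are dropped on every check: privilege lapses without a revoke step.
        self.grants = [g for g in self.grants if g.expires_at > now]
        return any(g.principal == principal and g.role == role for g in self.grants)
```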
Once you’ve decided what these principles mean for your organisation, consider the technologies that underpin the process. There are several technology areas to consider as part of a holistic Zero Trust strategy, but quick wins can often be found in the integrations between them.
One example is integrating your email and identity solutions. In this scenario, your email solution can highlight users, or groups of users, that are currently targeted by a phishing campaign. That information can be passed to the identity tool to increase the security controls in place, for example by enforcing MFA or restricting access to certain apps.
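The email-to-identity integration just described, as an added illustration that is not code from this blog, Bytes or any vendor product: a constructed phishing-campaign signal names the targeted users, and the access policy steps those users up to MFA, or blocks high-value apps outright, until the signal ages out. The signal format, app names and validity window are assumptions.

```python
"""Signal-driven access policy: the email tool reports users under an active
phishing campaign; the identity policy raises controls for exactly those users.

Added illustration only; signal format, apps and thresholds are constructed.
"""
from datetime import datetime, timedelta, timezone

# Constructed example of what the email security tool might emit.
PHISHING_SIGNAL = {
    "campaign_id": "camp-0001",
    "observed_at": "2024-11-01T08:30:00+00:00",
    "targeted_users": ["alice@example.com", "bob@example.com"],
}
SIGNAL_TTL = timedelta(hours=24)                 # how long a hit keeps a user "at risk"
HIGH_VALUE_APPS = {"payroll", "admin-console"}   # blocked entirely while at risk


def at_risk_users(signal, now):
    """Users named in a signal that is still inside its validity window."""
    seen = datetime.fromisoformat(signal["observed_at"])
    if now - seen > SIGNAL_TTL:
        return set()                             # stale signal: controls return to baseline
    return {u.lower() for u in signal["targeted_users"]}


def access_decision(user, app, signal, now):
    """Return (decision, reason). Baseline for untargeted users is a plain allow."""
    risky = at_risk_users(signal, now)
    if user.lower() not in risky:
        return ("allow", "no active campaign against this user")
    if app in HIGH_VALUE_APPS:
        return ("deny", f"high-value app blocked while user is targeted by {signal['campaign_id']}")
    return ("require_mfa", "step-up authentication for a targeted user")
```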
Technology integrations are one of the most effective ways to enhance your security posture and maximise your existing investments.
At Bytes, we offer our customers a Zero Trust overview engagement, where we will seek to cover some of the ground covered in this blog in more detail. We will look to understand your position on the three core principles and how we can bake this into a long-term strategy.
Through these sessions, we will look to gain an understanding of your existing security investments, educate you on existing integrations between tools you use today to enhance your security posture and gain some quick wins, while also planning for long-term improvements.
The ideal outcome from these sessions is to allow your cyber security investments to become more than the sum of their parts. The team of security specialists at Bytes are perfectly positioned to lead you on this journey as we aim to help you secure your future.
Thank you for reading.
If you have any questions, or would like to learn about any of the content covered in this blog, please email our friendly team via [email protected]