
Can You Afford To Ignore Zero Trust?

Lou Senko, Forbes Councils Member, Forbes Technology Council. Council Post: expertise from Forbes Councils members, operated under license. Opinions expressed are those of the author. Jun 27, 2022, 08:00am EDT

As chief availability officer (CAO), Lou Senko leads Q2’s hosting, security, and support groups to deliver an enhanced customer experience.

If you’re paying attention to security developments, you already know that zero trust has moved from a trend to a necessity. In fact, adopting zero trust is now a top priority for security decision-makers, with 96% stating that zero trust is critical for their organization. Earlier this year, the White House set a 2024 deadline for agencies to adopt zero trust.

The urgency is palpable—and it should be. The way we do business now is complex, and maintaining data security requires a robust approach. That’s exactly what zero trust is—a mindset that assumes that a network’s security is always under threat from internal and external actors.

With zero trust, we get a modern security framework that’s designed to handle these distributed systems.

Building Security For Complex Systems

When businesses started moving to the cloud, most retained their private data center so they had one foot in the cloud and one foot in their private data center. Then, the cloud expanded into multicloud environments involving multiple public cloud vendors with their own access points and standards.

Multicloud environments are powerful and flexible because of their inherent complexity. It’s what makes them valuable, but it also makes them vulnerable. Each access point is an opening that attackers can exploit.

The surge in remote and work-from-home norms has led to more employees working from an insecure home environment while they hold the keys to the virtual kingdom. They use different tools and technologies as they move through a system that ultimately links the least secure vendor solution with the most important company data. Great security protocol at the front gate—that initial multifactor login to the company network—is no longer adequate.

Every vendor solution creates an access point, and every employee working at home on a laptop creates an access point. Zero trust compensates for those points being unintentionally left open by employees or left vulnerable to exploitation by attackers. We could describe zero trust as eliminating implicit trust.

We start with the assumption that we cannot trust the user, whether inside or outside the network, and that requires constant and continual validation of user identity. Any access granted never carries forward to the next access request.

Applying Zero Trust

It’s important to understand that zero trust is not a product you buy.

You can buy solutions (both services and technologies) that are enabled components of the zero-trust mindset. Which components you need depends on how your system is laid out. Our particular methodology is called zero trust network access (ZTNA).

We have about 22 million end users, and they move about $2 trillion a year. We have to protect that money from bad actors trying to get in and even internal actors who may have access. With ZTNA, the first step is a hardened endpoint, which functions like the airlock on a space shuttle.

The user has to meet certain protocols, like multifactor authentication, to get the airlock to open. Then, they have to meet other protocols to get out the other side. Since revalidation is required at every access point, getting through one airlock does not get you through the next.

Even if an employee logs into the corporate network and brings a virus or hacker with them, there’s nothing to infect or attack because there’s no data in the airlock. To move into the areas where everything is stored—such as SaaS back-office solutions like NetSuite, Salesforce or Workday—or to access hosting environments, the employee has to meet the next set of criteria, which includes opening a virtual desktop to request access. It’s not just about providing the right login and password; it’s about requesting it the right way using a privileged access management solution from only allowed managed endpoints.

There are also rules in place that prevent certain actions, no matter what the user requests. For example, our system can’t communicate with anything we haven’t white-listed. We must assume that the employees’ credentials have been compromised, so the access path needs to account for that.

Even with updated, thorough security in place, you have to plan that something will fail. If you plan for it, you can prevent it—so we don’t simply assume things will work. Instead, we think about how to create layers of security through the entire system.

If one layer fails, what’s the next layer? Hardened endpoints are the first layer, and removing sensitive data from databases is the next. Data gets encoded, scrambled and scattered in the blockchain. Next is anomaly detection, which is how we defend against new security threats.

If a server starts behaving differently than usual, it triggers an alarm, and the server gets taken off the network. Since every keystroke in every file is recorded with a user activity monitoring solution, we can review what triggered the alarm and take appropriate steps in response.

Going All In With Implementation

Even though 76% of security decision-makers are in the process of adopting zero trust, only 14% of organizations have reached full implementation.

There’s always some resistance to adopting new systems, but security measures can’t be optional in today’s environment. Yes, employees have to take extra steps to get in the door, but those extra steps keep everyone’s data safe. There’s room for an iterative approach, but the timeline shouldn’t be open-ended.

Start with zero trust, tighten the endpoints and focus on the high-risk groups. Remember that the efficacy of zero trust depends on 100% deployment. That means everyone uses multifactor, every bit of data is protected, and every endpoint has anomaly detection.

Vulnerability at a single access point can create vulnerability in the entire system. It’s time to focus on complete zero-trust implementation. You can’t afford to stick your head in the sand if you want to serve your customers safely in the clouds.



From: forbes
URL: https://www.forbes.com/sites/forbestechcouncil/2022/06/27/can-you-afford-to-ignore-zero-trust/
