Here is Tip #22 for National Cybersecurity Awareness Month: Adopt zero trust security.
You can increase the level of your security by adopting a zero trust architecture in your system.
Zero trust is a concept that organizations should not automatically trust anything inside or outside its perimeters. Instead, everything and everyone that tries to connect to your system requires verification.
If your current security protocols allow access, for example, from a company laptop or someone from your office’s IP address, there’s no way you can actually know who is sitting behind that keyboard. If someone stole a company laptop, you could inadvertently let them right in.
Zero trust security is increasingly important since many organizations have some systems in the cloud and many employees accessing applications from multiple devices from remote locations.
Once an attacker gets in, a zero trust security model will stop the hacker from moving laterally throughout your network, looking for the places to compromise to elevate their privilege and get at the systems or information you want to protect most.
Steps you can take
The big difference with zero trust security is that it assumes cybercriminals are already inside your system and focuses on limiting their movements — and damage. Traditional security models focus on keeping people out.
Implementing a zero trust architecture requires you to use micro-segmentation and perimeter enforcement using technologies such as multifactor authentication, biometric access, encryption, orchestration and identity access management. You’ll also want to leverage advanced analytics systems so your team can see in real-time who is moving where in your network.
Once you segment your network, then you can establish what people, what devices and what applications you trust. Basically who, what, when and where you’ll allow access to what data. In general, you also want to follow the principle of least privilege, meaning allowing users access to only the bare minimum they need.
A strong communication and training plan is another crucial element. Adopting zero trust security can lead to frustration among employees, as increased security measures often do. Without understanding the importance and rationale, your users may try to circumvent controls or waste time and energy worrying whether they can get their work done.