Zero-Trust is a term that was first coined back in 2003 to help explain a process known as de-perimeterization. Essentially, access and privilege are limited, and both the user and the device have to undergo verification. The term was extensively used by Google and Forrester between 2009 and 2013. In 2013 Google talked about implementing “BeyondCorp”, a security model built on zero-trust.
With the evolving cyber security landscape, it can be useful to adopt methods which go a step further to protect your business network. Access to zero-trust tools has improved and companies are increasingly using the approach to protect important business data.
What is zero-trust?
You might be wondering what zero-trust is. Although the term has been used by the likes of Google for years, it is still not as widely known as it could be, even within the tech space.
The term refers to the trust you put in users and devices associated with your network. Simply put, Zero-Trust means not trusting that those associated with your network are automatically safe.
Focussing on verified access, zero-trust means that all users and devices wishing to access applications and data on a network must first be verified.
Go back a couple of hundred years and a King or Queen could protect their castle by making sure they had good defences and everything inside the moat was secure.
These days security is much less clear cut.
Let’s take it back to cyber security. The idea that an organisation can protect itself by ensuring all the devices and users within it are safe no longer holds true.
Shifts in modern-day working behaviours such as BYOD (bring your own device) policies, remote working and multiple devices per user have all added to the increasingly difficult task of protecting an organisation.
Using technology which helps you to verify who is trying to access your network is the smart way to protect yourself.
You can channel user requests down the safest path based on what device they are using and what they need access to. For example, a remote user who needs to access the company network will be routed in a way that only gives them access to basic company records. They are sent down a particular channel, which gives them only what they need and not what they don’t.
This helps keep security strong, especially when data is accessed from remote locations.
It is often said that your employees are your biggest risk, and that social engineering is the number one way for hackers to get into your system. Taking advantage of new security methods which verify the user as well as the device can help protect your company and mitigate the risk of cyber-attack and associated data breaches.
The assumption that any attempt to access a network comes from an unverified or untrusted source is the foundation of the zero-trust model. Every application is protected the same way, regardless of where it is hosted or how users access it. It also means team members can work remotely without needing a VPN connection.
Exposure to the network is also limited depending on what the user needs to access. This goes a long way towards mitigating risk.
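To make the idea concrete, here is a small access-decision sketch in Python. It is an added illustration, not code from Netstar, Duo or any product: the role names, resource names and the managed/unmanaged device split are assumptions made up for the example. It denies by default, checks the user and the device on every request, and then limits what can be reached to the overlap between what the role needs and what the device's channel permits.

```python
from dataclasses import dataclass

# Constructed sample policy (all names are assumptions for illustration).
# What each role needs for its job:
ROLE_RESOURCES = {
    "staff": {"basic-records", "email"},
    "finance": {"basic-records", "email", "payroll"},
}
# The most any request may reach over each channel, chosen by device type:
CHANNEL_CEILING = {
    "managed": {"basic-records", "email", "payroll"},
    "unmanaged": {"basic-records"},  # e.g. a personal (BYOD) device used remotely
}

@dataclass(frozen=True)
class Request:
    user: str
    role: str
    user_verified: bool   # e.g. the user passed multi-factor authentication
    device_known: bool    # the device has been verified as enrolled/recognised
    device_managed: bool  # company-managed rather than personal
    resource: str

def decide(req: Request) -> tuple[bool, str]:
    """Evaluate one request. Default is deny; being 'inside' grants nothing."""
    if not req.user_verified:
        return False, "user not verified"
    if not req.device_known:
        return False, "device not verified"
    channel = "managed" if req.device_managed else "unmanaged"
    # Least privilege: role entitlement AND channel ceiling must both allow it.
    allowed = ROLE_RESOURCES.get(req.role, set()) & CHANNEL_CEILING[channel]
    if req.resource not in allowed:
        return False, f"{req.resource} not permitted on {channel} channel"
    return True, f"allowed via {channel} channel"

if __name__ == "__main__":
    # Same verified finance user, same resource, different device.
    for managed in (True, False):
        r = Request("sam", "finance", True, True, managed, "payroll")
        print("managed" if managed else "unmanaged", decide(r))
```

The same verified user is allowed to reach payroll from a managed device and refused from an unmanaged one, while basic records remain reachable from both.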
How can I adopt zero-trust?
Putting something like a zero-trust model in place can be relatively straightforward with the right IT Partner. At Netstar we have helped our clients use tools like Duo which give them greater control over who is accessing their systems.
Speak to your IT Partner if you have one. They will advise you on how you can improve your security and move towards zero-trust.
To find out more about the zero-trust approach and hear the experts in person, you can register to attend our free lunchtime event at the Gherkin on the 21st of February.