In the first part of my blog, I discussed emerging security threats that create new opportunities for cybercriminals in a hybrid work set-up, and why old assumptions will not keep us secure in the new world.
Let’s revisit the Zero Trust approach.
A Zero Trust policy should apply across the entire digital estate, acting as an integrated security philosophy and an end-to-end strategy built on six core elements.
- Identities. The Zero Trust control plane is defined by identities, whether those identities represent people, services, or IoT devices. We must use strong authentication to confirm an identity attempting to access a resource, make sure the access is compliant and appropriate for that identity, and follow least-privilege access principles.
- Devices. Once an identity has been granted access to a resource, data can flow to numerous devices: from IoT devices to smartphones, from BYOD to partner-managed devices, and from on-premises workloads to cloud-hosted servers. This variety creates a large attack surface, so we must monitor and enforce device compliance and health to provide secure access.
- Applications. APIs and applications offer the interface through which data is consumed. They may be legacy on-premises systems, lift-and-shift cloud workloads, or modern SaaS applications. Controls and technologies should be applied to discover Shadow IT, ensure appropriate in-app permissions, gate access based on real-time analytics, monitor for abnormal behavior, control user actions, and validate secure configuration options.
- Data. In the end, security teams are concerned with safeguarding data. Wherever possible, data should remain secure even when it leaves the systems, software, networks, and infrastructure that the company controls. Data should be categorized and classified, and those attributes then used to encrypt it and restrict access to it.
- Infrastructure. Infrastructure (whether on-premises servers, cloud-based VMs, containers, or microservices) represents a critical threat vector. Use telemetry to detect threats and anomalies; assess version, configuration, and just-in-time (JIT) access to strengthen protection; automatically block and flag unsafe behavior; and take precautionary measures.
- Networks. Ultimately, all data is accessed over network infrastructure. Networking controls can offer essential "in-pipe" controls that improve visibility and help stop attackers from moving laterally across the network. Segmented networks, end-to-end encryption, monitoring and analytics, and real-time threat protection are recommended.
Each of these six fundamental components functions as a signal source, an enforcement control plane, and a vital defense resource. For the best protection, distribute your investments evenly across all six.
The Zero Trust approach should extend throughout the entire digital estate: it serves as an integrated security philosophy and an end-to-end strategy. Implementing Zero Trust controls and technology across your six core elements can help you achieve this. For example:
- Verify Identity. It is crucial to know who is asking for access, and that identity must be verified explicitly rather than assumed from the environment. Bring users into a single identity system, use strong authentication, and use threat intelligence to validate the authentication so that you are secure at the point of access.
- Verify Devices. Every request for data access results in the transfer of that data to a device's browser or application. Knowing the state of that device is critical in a world where devices can be infected, lost, or stolen. Mobile Device Management (MDM) and Mobile Application Management (MAM) are important for protecting data once it is accessed.
- Protect Data. Wherever possible, use auto-classification and encryption to protect data from unauthorized transfer. This guards against the deliberate or accidental misrouting of downloaded data.
- Harden Applications. To reduce inherent application risks and make sure access is controlled by policy, application access and configuration must be secure. Application behavior, including shadow IT, should be understood, monitored for anomalies, and protected against them.
- Protect Infrastructure. Where you are using cloud workloads (IaaS or PaaS), ensure you are using your cloud fabric according to sound security principles and taking advantage of the intelligence and protection it provides.
- Govern Networks. Use an intelligent and adaptive workload segmentation technique, while watching for and guarding against unusual traffic patterns, to reduce lateral movement.
The following are the essential resources that make it all fit together:
- Policy-driven access. Modern micro-segmentation means more than networks. It requires that we also gate access based on the requester's role, location, behavior patterns, data sensitivity, client application, and device security. Make sure that all policies are enforced automatically at the point of access and, wherever possible, throughout the session.
- Automated threat detection and response. The systems mentioned above must process and respond to telemetry automatically. Attacks occur at cloud speed, and your defenses must respond at the same speed; people simply cannot respond in time. For real-time defense, combine intelligence with a policy-based response.
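To make the two resources above concrete, here is a small policy-driven access evaluator, added as an example for this post and not part of the original text. It combines the identity, device, context and data-sensitivity signals listed under "Policy-driven access" into an allow / step-up / deny decision, and then re-evaluates an already-granted session as telemetry arrives, so that the response to a risk change is automatic rather than waiting on a human. The signal names, the policy table, the telemetry event names and the sample requests are all constructed assumptions for illustration; they do not correspond to any particular product's API.

```python
"""Zero Trust policy evaluation with mid-session re-evaluation (added example).

All field names, policies, event names and sample requests below are
constructed for illustration; they are not from the original post.
"""
from dataclasses import dataclass, replace
from enum import Enum
from typing import Dict, List, Tuple


class Decision(Enum):
    ALLOW = "allow"
    STEP_UP = "step_up"   # grant only after stronger authentication
    DENY = "deny"


@dataclass(frozen=True)
class AccessRequest:
    user: str
    role: str                 # identity signal
    mfa_verified: bool        # identity signal (strong authentication)
    identity_risk: str        # "low" | "medium" | "high" (from threat intel)
    device_managed: bool      # device signal (enrolled in MDM)
    device_compliant: bool    # device signal (health/compliance state)
    location_trusted: bool    # context signal
    client_app_approved: bool # context signal (approved client application)
    resource: str
    data_sensitivity: str     # "public" | "internal" | "confidential"


# Constructed policy table keyed by data sensitivity. Unknown sensitivity
# labels fall through to default deny in evaluate().
POLICIES: Dict[str, dict] = {
    "public":       {"roles": {"employee", "contractor", "admin"}, "managed_device": False},
    "internal":     {"roles": {"employee", "admin"},               "managed_device": False},
    "confidential": {"roles": {"employee", "admin"},               "managed_device": True},
}


def evaluate(req: AccessRequest) -> Tuple[Decision, List[str]]:
    """Explicitly verify every signal; never infer trust from the environment."""
    policy = POLICIES.get(req.data_sensitivity)
    if policy is None:
        return Decision.DENY, ["unknown data sensitivity label; default deny"]
    if req.identity_risk == "high":
        return Decision.DENY, ["identity flagged high risk by threat intelligence"]
    if req.role not in policy["roles"]:
        return Decision.DENY, [f"role '{req.role}' not permitted for {req.data_sensitivity} data"]
    if not req.client_app_approved:
        return Decision.DENY, ["client application not approved"]
    if policy["managed_device"] and not (req.device_managed and req.device_compliant):
        return Decision.DENY, ["confidential data requires a managed, compliant device"]

    # Conditions that do not block outright but require step-up authentication.
    step_up_reasons = []
    if not req.mfa_verified:
        step_up_reasons.append("MFA not yet verified")
    if req.identity_risk == "medium":
        step_up_reasons.append("medium identity risk")
    if not req.location_trusted and req.data_sensitivity != "public":
        step_up_reasons.append("untrusted location")
    if step_up_reasons:
        return Decision.STEP_UP, step_up_reasons
    return Decision.ALLOW, ["all policy conditions satisfied"]


# Constructed telemetry events and the signal change each one implies.
SIGNAL_UPDATES: Dict[str, dict] = {
    "device_noncompliant":    {"device_compliant": False},
    "identity_risk_high":     {"identity_risk": "high"},
    "new_untrusted_location": {"location_trusted": False},
}


def reevaluate_session(req: AccessRequest, events: List[str]) -> List[Tuple[str, Decision]]:
    """Apply telemetry events in order and re-run policy after each one.

    Returns the (event, decision) history; stops at the first DENY, which is
    where a real system would revoke the session token automatically.
    """
    history: List[Tuple[str, Decision]] = []
    current = req
    for event in events:
        updates = SIGNAL_UPDATES.get(event)
        if updates is None:
            continue  # unrecognised telemetry: record elsewhere, do not act on it
        current = replace(current, **updates)
        decision, _ = evaluate(current)
        history.append((event, decision))
        if decision is Decision.DENY:
            break
    return history


# Constructed sample request: a compliant employee on a trusted network.
SAMPLE_REQUEST = AccessRequest(
    user="alice", role="employee", mfa_verified=True, identity_risk="low",
    device_managed=True, device_compliant=True, location_trusted=True,
    client_app_approved=True, resource="hr-share", data_sensitivity="confidential",
)

if __name__ == "__main__":
    print(evaluate(SAMPLE_REQUEST))
    print(reevaluate_session(SAMPLE_REQUEST, ["new_untrusted_location", "device_noncompliant"]))
```

The ordering in `evaluate` is the design point: hard blocks (high identity risk, wrong role, unapproved client, unmanaged device for confidential data) are checked before any step-up condition, so a request never gets a softer outcome than the strictest failed rule. The session loop shows why telemetry has to feed the same policy engine: a session that was correctly allowed at the point of access is first downgraded to step-up when the location changes and then revoked when the device falls out of compliance, with no analyst in the loop.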
What we see is that in the age of hybrid work, the digital estate of enterprises has grown into a complicated constellation of identities, applications, data, virtual machines, endpoints, and IoT devices. Siloed solutions simply cannot address this scale and complexity. What we need is a platform-based approach to securing the workplace. Such a solution connects the dots across these vectors to deliver rich, actionable insights that strengthen workplace security. It is backed by data to provide meaningful insights, and it correlates signals to determine the full scope and impact of a threat across the enterprise. Only this approach will help us create a secure digital workplace.