The widespread adoption of public cloud services and the growth of the mobile workforce have rendered perimeter-based security models obsolete. An organisation’s applications and data are likely to exist both inside the traditional firewall and beyond it. Security and IT teams can no longer assume that users and their devices (both personal and corporate) on the network are any safer than those on the outside. Perimeter controls do little to prevent an attacker from moving laterally on the network after gaining initial access to it.
What’s needed is a pivot to “boundary-less” security, known more commonly as Zero Trust. In a Zero Trust model, all users and devices—both inside and outside the corporate network—are deemed untrustworthy. Access is granted based on a dynamic evaluation of the risk associated with each request. The same security checks are applied to all users, devices, applications, and data every time.
Zero Trust is gaining traction. Getting to a Zero Trust model can take years of effort and require collaboration across the enterprise. If you are committed to deploying a Zero Trust model, or even if you’re just considering it, here are 10 tips to help make your journey a bit smoother.
Tip 1 - Realign around identity
Identity is the best starting point for Zero Trust. Users can have multiple devices and access enterprise resources from a variety of networks and apps.
Tip 2 - Implement conditional access controls
Hackers routinely compromise identity credentials and use them to access systems and move laterally in the network. Trust cannot, therefore, be inferred solely from whether a particular user or their device is inside or outside the corporate network.
Tip 3 - Strengthen your credentials
Weak passwords undermine the security of your identity system and make it easy for hackers to compromise your network via, for example, password spraying or credential-stuffing attacks.
Tip 4 - Plan for a dual-perimeter strategy
To avoid disrupting the business or re-introducing old risks, maintain existing network-based protections while adding new identity-based controls to your environment.
Tip 5 - Integrate intelligence and behaviour analytics
Support for identity-based access control in cloud applications is not the only reason to accelerate cloud migration. The cloud also generates richer telemetry to enable better access control decisions. For example, such telemetry can augment conditional access controls by making it easier to infer abnormal user or entity behaviour to identify threats.
Tip 6 - Reduce your attack surface
To bolster the security of your identity infrastructure, it’s important to minimise your attack surface. (That’s good security practice in general, of course.) For example, implementing privileged identity management will minimise the likelihood of a compromised account being used in an administrator or other privileged role.
Tip 7 - Increase security awareness
Your identity and endpoint infrastructure can generate a high volume of security events and alerts. Use a Security Information and Event Management (SIEM) system to aggregate and correlate the data to better detect suspicious activities and patterns that indicate potential network intrusions and events, such as leaked credentials, bad IP addresses, and access from infected devices.
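As an added illustration (not code from the original article or any vendor product), the sketch below shows the kind of correlation a SIEM rule performs on sign-in telemetry: it flags a source IP whose failures are spread across many accounts, the password-spraying pattern mentioned under Tip 3, and lists accounts that then signed in successfully from that IP. The event format, the thresholds, and the function name `correlate_sign_ins` are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sign-in events (timestamp, source IP, user, result); not real data.
# 203.0.113.0/24 and 198.51.100.0/24 are documentation address ranges.
SAMPLE_EVENTS = [
    ("2024-05-01T09:00:05", "203.0.113.7", "alice", "FAIL"),
    ("2024-05-01T09:00:09", "203.0.113.7", "bob", "FAIL"),
    ("2024-05-01T09:00:14", "203.0.113.7", "carol", "FAIL"),
    ("2024-05-01T09:00:21", "203.0.113.7", "dave", "FAIL"),
    ("2024-05-01T09:00:30", "203.0.113.7", "erin", "OK"),
    ("2024-05-01T09:01:00", "198.51.100.4", "frank", "FAIL"),
    ("2024-05-01T09:01:20", "198.51.100.4", "frank", "FAIL"),
    ("2024-05-01T09:01:45", "198.51.100.4", "frank", "OK"),
]

def correlate_sign_ins(events, window=timedelta(minutes=10), min_users=4):
    """Flag source IPs that fail against many distinct accounts inside one
    time window (spray pattern), and list accounts that then signed in
    successfully from the same IP (candidates for credential reset)."""
    by_ip = defaultdict(list)
    for ts, ip, user, result in events:
        by_ip[ip].append((datetime.fromisoformat(ts), user, result))

    alerts = []
    for ip, rows in by_ip.items():
        rows.sort()
        failures = [(t, u) for t, u, r in rows if r == "FAIL"]
        start = 0
        for end in range(len(failures)):
            # Move the window start forward until the span fits in `window`.
            while failures[end][0] - failures[start][0] > window:
                start += 1
            targeted = {u for _, u in failures[start:end + 1]}
            if len(targeted) >= min_users:
                spray_start = failures[start][0]
                compromised = sorted({u for t, u, r in rows
                                      if r == "OK" and t >= spray_start})
                alerts.append({"ip": ip, "targeted": sorted(targeted),
                               "succeeded_after": compromised})
                break  # one alert per source IP is enough
    return alerts

if __name__ == "__main__":
    for alert in correlate_sign_ins(SAMPLE_EVENTS):
        print(alert)
```

Repeated failures against a single account, as with the second source IP in the sample, do not match this rule; that pattern is better handled by a per-account lockout or throttling control.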
Tip 8 - Enable end-user self help
Users are likely to be far less resistant to Zero Trust than they are to many other security initiatives. That’s because they’re already familiar with identity-based access on their personal devices and apps and want the same experience at work. Zero Trust enables security organisations to secure (and say “yes” to) modern productivity scenarios like mobile devices, BYOD, and SaaS applications, keeping users happy without compromising security.
Tip 9 - Don't overpromise
Zero Trust is not a single “big bang” initiative like implementing multi-factor authentication. It is a long-term end state built on a new generation of security controls that work entirely differently from traditional network-based access models.
Tip 10 - Show value along the way
One of the most effective ways to build long-term support for a Zero Trust initiative is to demonstrate incremental value with each investment. In IDG’s security survey, more than half of the respondents (51%) said a Zero Trust access model would help improve their ability to protect customer data and 46% said it would help enable a superior and more secure end-user experience.
There’s no way to predict which new exploits will appear in the wild on any given day or how they might gain entry into your environment. Because one can never assume that any particular user or the device, app, or network they’re using is completely safe, the only reasonable approach to security is to trust nothing and verify everything.
A Zero Trust model is not easy to achieve, but it’s a key element of any long-term modernisation objective for the digital enterprise.