When it comes to cyber security and implementing a policy and solution to keep your business and staff online, there are many, many different approaches you could take. Once such approach is that of ‘zero trust’.
Relying solely on network-based tools, software and apps is no longer enough, cyber-security needs to reach much wider, including not just your networks, but devices, processes and personnel. A zero trust approach takes nothing at face value and assumes that all of this is always at risk – it’s founding motto is ‘Never Trust, Always Verify’!
Least privilege principle
Instead of having ‘trusted’ and ‘untrusted’ networks, devices, personnel etc, a zero trust approach works by the principle of least privilege. ‘Least privilege’ allows users access to only what they absolutely need to successfully fulfil their responsibilities. Therefore if it is not something that a user needs access to in order to complete their job, then access will not be granted.
Data, resources and systems are inaccessible by default, and multiple attributes are considered when granting access. Access is then only granted under the right circumstances when the exact conditional requirements are met.
One-time verification is not sufficient under ‘zero trust’, as threats are subject to constant change – verification is an ongoing, continuous process. This approach is especially great for securing our modern workforce which combines remote workers, hybrid environments and large scale offices, all of which are subject to the same continuous verification since access is given per-application, regardless of whether the request is made on premises or via the cloud.
Short term pain for long term gain
Although a zero trust approach is considered one of the most robust cyber security approaches, it is not without its drawbacks. Since it is concerned with individuals, these individuals require monitoring, and therefore administration, especially in the early days, can be more involved than other ‘blanket’ solutions.
Working across various locations, apps, pieces of software and company systems, it can be a complicated approach to master, but the unrivalled levels of resulting security make this short term pain worth the long term gain. Some of this pain can easily be removed by the implementation of the right cyber security solution, many of which can manage all of this set-up for you.
Acronis Cyber Protect, for example, includes their Detection and Response feature which is designed for zero trust. It detects and stops unusual activities, provides real-time visibility, and enables automatic and manual remediation.
Growth industries for zero trust
Universities are becoming increasingly attractive targets for cyber attacks due to the high levels of IP associated with research and development. As such they have started to embrace a zero trust approach where access is based on the identity of the individual user, rather than the network, system or device they are using.
As an industry thrust into the global spotlight during the Covid-19 outbreak, the pharmaceutical industry is moving towards a zero trust approach to help mitigate risk. Though up against it to produce a life-saving vaccine, a zero trust approach meant ultimate traceability. Regulators and auditors from any country could track all generated data from initial R&D, through testing to product release, to assess compliance for country-specific compliance measures.
If you would like to find out more about implementing a zero trust approach to cyber security it your business, please reach out to our experts.