Why Zero Trust is the Right Security Model for the Cloud

0
101

Today’s cyber attacks are more sophisticated and harder to detect, meaning sensitive data is more vulnerable than ever. Over the past several years, the workforce has moved onto the cloud, generating misconfigured and exposed deployments of various software. In addition, employees have become increasingly mobile and are now accessing their organization’s data from different places and devices.

Employees expect to be able to work on the go, on whatever device they want and with an experience akin to the consumer world. It’s no longer acceptable to have to navigate badly designed web services in unresponsive browsers with desperately slow connections, hence the reason why your organizations are developing their IT strategies to offer greater mobility without sacrificing productivity. However, increased mobility brings its complications.

Attackers are aware of the changes in the digital world and of the vulnerabilities and do all they can to exploit those weaknesses. That’s also the main reason for the increase in the number of multi-vector and multi-platform automated attacks against cloud infrastructure over the past year. This kind of attack often combines crypto-jacking, ransomware and botnet malware all in one. As we saw in the recent Capital One breach, organizations are being forced to customize their cyber-strategy and adopt modern cyber security alternatives like Zero Trust architecture.

 

What is Zero Trust Security?

As opposed to the traditional security model which assumes everything inside your organization network can be trusted, Zero Trust is a security concept based on the belief that your organization can not trust anyone inside or outside their perimeters, but instead verify anything and everything trying to connect to IT systems before granting access. This allows for the delivery of high security, enterprise-wide network service virtually, on a subscription basis for small and mid-market companies to large enterprises.

With this modern architecture, your organization can enforce verification of the user’s identity before granting him or her access to the network. Additionally, they can leverage micro-segmentation (based on the “least privilege” principle) to protect their valuable assets even if an unauthorized user infiltrates the network. In this way,Zero Trust meaningfully reduces the risk of multi-vector attacks and prevents an attack from spreading once it is inside the network.

Principles of Zero Trust Security

Zero Trust security isn’t a solution, it’s a holistic approach to how security teams can manage their  organizations resources and applications while securing access control on the cloud.

MFA

The simplest and most secure way to confirm identity in the Zero Trust model is to implement a multi-factor authentication (MFA) approach. By forcing a second factor for identity verification, it eliminates the risk by ensuring that stolen credentials alone won’t be enough to ensure access.

When you implement MFA capabilities with strong passwords, SSH keys, and strong internet hygiene, you can further reduce the chances of a breach. By requiring significant step ups in authentication, as well as strong cloud policies, your organization can adopt a Zero Trust security model and apply it to identity management.

Device Management

With the increasing adoption of remote employees, your organization needs to verify that each device being used by remote workers has the proper authorization for your organization’s resources.  More employees are using their own devices nowadays and whether they belong to the employee or the organization, the devices need to be authorized.

Limit Privileged Access

The least privilege access model is a key principle in the Zero Trust model. The idea that your organization should limit each user’s access to only the access they need to do their job. By limiting each user’s access, you prevent an attacker from gaining access to large amounts of data through a single compromised account.

So even though we still require verification for every user, the Zero Trust approach requires your organization to provide everyone with the minimal level of privileges that they need, hopefully making it harder for hackers to access critical resources of your organization.

Embrace Segmentation

Zero Trust requires the use of placing security perimeters into small, isolated areas (or zones) to maintain separate access for different parts of the network. With micro-segmentation, files in a network can be placed in separate, secure zones. A user or program with access to one of those zones won’t be able to access any of the other zones without separate authorization. This ties security to individual workloads. Setting up the segmentation is not a one-time-only activity; it will be an ongoing process that will change as your business applications and needs do.

Moving Forward with the Zero Trust Model in Information Security 

By approaching information security with a Zero Trust model, it will enable your organization to modernize its infrastructure without introducing risk. A solution that is scalable, flexible, compliments existing solutions, and can adapt to diverse use cases will ensure successful adoption and protection.

Adopting a Zero Trust security approach doesn’t have to be overwhelming. There are steps that can be taken today to establish protection on the new identity perimeter, giving your organization a layer of security that offers protection without the need to reinvent the entire infrastructure of your organization. Overall, implementing the Zero Trust model will save you and your organization, time, money, valuable resources, and the possibility of a data breach.

About the Author
Amit Bareket is the Founder and CEO of www.Perimeter81.com

Amit is a cybersecurity expert with extensive experience in system architecture and software development. He is the author of 7 patents issued by the USPTO for storage, mobile applications and user interface. Prior to Perimeter 81, Amit worked as a Software Engineer for major enterprises including IBM XIV Storage and BigBand Networks. He served in the Israel Defense Force’s elite cyber intelligence unit (Unit 81) and graduated Cum Laude with a B.Sc. in Computer Science and Economics from Tel Aviv University.