With corporate networks becoming increasingly complex and distributed, the notion that we can build a giant wall around our data to keep the bad guys out is an outdated one. Well, almost…
There are still many high-profile cases where hackers were able to bypass perimeter defences by exploiting endpoint vulnerabilities and then move laterally throughout the network with practically no resistance at all. Fortunately, companies are slowly starting to wake up to the fact that most security threats originate from within the confines of their own network perimeters, which means that a different approach is needed to protect their critical assets – an approach that is based on “Zero Trust”.
What is Zero Trust?
Zero Trust is a data security paradigm that asserts that access privileges alone do not equate to trust, and that continuous monitoring and correlation of event logs and network traffic is required to identify suspicious patterns of behavior. A Zero Trust model will verify the credentials and the payload of every transaction that involves sensitive data.
Why is Zero Trust Important?
Zero Trust is not only necessary for mitigating security incidents, but it is also a requirement for many data protection regulations, such as GDPR, PCI, HIPAA, and more. Under the GDPR, for example, companies must maintain visibility into how their data is collected, how it is being accessed and shared, and by whom. Unfortunately, many companies are still using outdated legacy systems, which makes maintaining this level of visibility impractical.
How to Achieve Zero Trust
There are three key methods that can be used to establish and enforce a zero trust policy:
1. Discover and classify sensitive data
If you don’t know where your sensitive data resides, how can you adequately protect it? The answer is, you can’t!
Traditional data management tools that are available in most enterprise-grade database applications are largely ineffective when it comes to mapping data across complex, distributed environments. In order to comply with the zero-trust methodology, enterprises will need to adopt a solution which can automate the discovery and classification of sensitive data across multiple platforms.
There are a number of commercial solutions available which can discover and classify a wide range of data types, including PII, PHI, PCI, and more. Some of the more advanced solutions will automatically encrypt and/or redact certain pieces of information, such as credit card numbers or social security numbers.
2. Enforce “least privileged” access
For Zero Trust to work, companies must adhere to the “principle of least privilege” (PoLP), which ensures that employees are granted only the privileges they need to carry out their role. Should a hacker gain access to a legitimate set of credentials, the PoLP will limit the possibility of a malicious entity moving laterally across the network uncontested.
3. Real-time monitoring of privileged accounts
Enterprises will need to ensure that they have the right technologies in place to be able to detect, alert and respond to any suspicious user behavior in real time. They will need to monitor account privileges, as well as protected files, folders, and email accounts. Some of the more advanced Data Security Platforms provide additional features such as “threshold alerting”, which can automatically detect and respond to events that match a pre-defined threshold condition. Likewise, machine learning algorithms can be employed to establish typical usage patterns. Should these patterns shift, for whatever reason, the IT team will need to be informed immediately, and/or a custom script can be executed to either isolate a specific event or lock down the system until the threat has been identified, contained and removed.
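As an added illustration of the “threshold alerting” described above (example code written for this page, not taken from any product or from the original article), the following script watches a constructed audit log and raises an alert when a privileged account touches protected files more than a set number of times inside a sliding time window. The log format, the account list, the protected path prefix and the threshold values are all assumptions chosen for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample audit log (not from any real system): timestamp, account, action, path
SAMPLE_LOG = """\
2024-03-01T09:00:01 alice READ  /finance/q1.xlsx
2024-03-01T09:00:05 alice READ  /finance/q2.xlsx
2024-03-01T09:00:09 alice READ  /finance/q3.xlsx
2024-03-01T09:00:12 bob   READ  /finance/q1.xlsx
2024-03-01T09:00:14 alice READ  /finance/q4.xlsx
2024-03-01T09:00:20 alice READ  /finance/payroll.xlsx
2024-03-01T09:00:25 alice WRITE /finance/payroll.xlsx
2024-03-01T09:15:00 alice READ  /finance/q1.xlsx
2024-03-01T09:15:10 alice READ  /hr/notes.txt
"""

# Hypothetical policy: which accounts are privileged (monitored) and which paths are protected
PRIVILEGED = frozenset({"alice", "bob"})
PROTECTED_PREFIX = "/finance/"
THRESHOLD = 5                  # this many protected-file accesses ...
WINDOW = timedelta(minutes=1)  # ... within this sliding window triggers an alert

def parse_event(line):
    """Split one audit line into (timestamp, account, action, path)."""
    ts, account, action, path = line.split()
    return datetime.fromisoformat(ts), account, action, path

def threshold_alerts(lines, threshold=THRESHOLD, window=WINDOW):
    """Return [(timestamp, account, count)] each time a privileged account's
    accesses to protected paths reach `threshold` inside the sliding `window`.
    Fires once per crossing, so a burst of 20 reads yields one alert, not 16."""
    recent = defaultdict(deque)   # account -> timestamps still inside the window
    alerts = []
    for line in lines:
        ts, account, action, path = parse_event(line)
        if account not in PRIVILEGED or not path.startswith(PROTECTED_PREFIX):
            continue              # not a monitored account, or not a protected asset
        q = recent[account]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()           # drop events that have aged out of the window
        if len(q) == threshold:
            alerts.append((ts, account, len(q)))
    return alerts

if __name__ == "__main__":
    for ts, account, count in threshold_alerts(SAMPLE_LOG.strip().splitlines()):
        print(f"ALERT {ts.isoformat()} {account}: {count} protected-file accesses within {WINDOW}")
```

In a real deployment the alert list would feed a responder (ticket, notification, or the custom isolation script mentioned above) rather than a print statement, and the window and threshold would be tuned per account role.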