How Zero-Trust is Transforming Data Protection

essidsolutions

In a zero-trust architecture, every user that attempts to connect to a network must be authenticated before gaining access. With the frequency of cyberattacks, a zero-trust architecture on its own is not enough. This article by Aron Brand, CTO, CTERA discusses the multiple layers of security needed to thwart a cyberattack.

The traditional approach to enterprise security showed its age during 2021, with cybercrime estimated to inflict damages of $6 trillion per year globally, according to Cybersecurity Ventures’ 2020 cybercrime report. As if one pandemic was not enough, it seems that another has emerged simultaneously. This one is called ransomware. In 2021, traditional enterprise security was seriously challenged, and that has caused a shift in how CISOs view data protection and privacy.

There are a few things to bear in mind for today’s enterprises, but the most important is that every access attempt should be considered suspicious until proven otherwise. The traditional work model has been completely reinvented over the past couple of years, with the workforce distributed across home and remote offices. The growing number of cybercriminals exploiting holes in organizations’ infrastructure security is no surprise. 

Malicious actors now often access a network via a weakness in a remote site or home office and then remain hidden for weeks or even months while they exfiltrate data and gain access to more sensitive systems. Once they have complete control of the critical assets, the operators launch a devastating ransomware attack. The change in working models makes zero-trust architectures based on the principle “never trust, always verify” non-negotiable; traditional “castle and moat” solutions, which secure only the enterprise perimeter, are largely irrelevant in the new working environment.

Four Best Practices for Zero-Trust Systems

In a zero-trust architecture, every user, device, or endpoint – including devices on the LAN or VPN – that attempts to connect to the network must be authenticated before gaining access. Multiple layers of security should be implemented to not only prevent intrusions but also to impede the lateral movement of attackers within the corporate perimeter. Here are four best practices to follow:

1. Bolster passwords and authentication

Minimize the storage of long-lived credentials on endpoint devices. Use multifactor authentication, as compromised passwords are often the weakest link in an organization’s security.

2. Vet your IT suppliers

To reduce the risk of supply chain attacks, verify that your IT suppliers prioritize security during the design and building of their products or services. Ask any potential provider for their latest report from a third-party security assessment and for certifications such as SOC 2, FIPS 140-2 (Federal Information Processing Standard), and the Open Trusted Technology Provider Standard (O-TTPS).


3. Update security patches

Security patches must be regularly installed on all virtual machines and cloud instances. Password rotation and complexity should be enforced across the entire organization, including devices inside the corporate perimeter.

4. Control access better

Implement segmentation and micro-segmentation of your internal networks for fine-grained access control. 
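As an added illustration of the “never trust, always verify” rule and the segmentation step above (this is example code written for this page, not CTERA’s or the author’s), the following Go program models a policy decision point: every request is checked for identity, a second factor and device posture regardless of whether it arrives from the LAN or the VPN, and traffic between network segments is then permitted only by explicit rule, with deny as the default. The segment names, service names and the “managed” posture label are constructed for the example.

```go
package main

import (
	"errors"
	"fmt"
)

// Request is a constructed access request as a zero-trust policy decision
// point would see it; the posture labels and segment names are assumptions.
type Request struct {
	User          string
	Authenticated bool   // identity verified for this session
	MFA           bool   // second factor presented
	DevicePosture string // "managed" or "unmanaged"
	SourceSegment string // network segment the request originates from
	DestSegment   string // segment of the target service
	Service       string // e.g. "https", "postgres"
}

// Policy holds explicit allow rules between segments. Anything not listed is
// denied, which is what makes lateral movement visible and blockable.
type Policy struct {
	allow map[string]map[string]map[string]bool // allow[src][dst][service]
}

func NewPolicy() *Policy {
	return &Policy{allow: map[string]map[string]map[string]bool{}}
}

// Allow permits service from segment src to segment dst.
func (p *Policy) Allow(src, dst, service string) {
	if p.allow[src] == nil {
		p.allow[src] = map[string]map[string]bool{}
	}
	if p.allow[src][dst] == nil {
		p.allow[src][dst] = map[string]bool{}
	}
	p.allow[src][dst][service] = true
}

var (
	ErrUnauthenticated = errors.New("deny: identity not verified")
	ErrNoMFA           = errors.New("deny: multifactor authentication required")
	ErrUnmanaged       = errors.New("deny: device posture not acceptable")
	ErrNoRule          = errors.New("deny: no segment rule permits this flow")
)

// Decide applies "never trust, always verify": identity, second factor and
// device posture are checked on every request, including those from the LAN
// or VPN, and only then is the segment allow-list consulted. Default is deny.
func (p *Policy) Decide(r Request) error {
	if !r.Authenticated {
		return ErrUnauthenticated
	}
	if !r.MFA {
		return ErrNoMFA
	}
	if r.DevicePosture != "managed" {
		return ErrUnmanaged
	}
	// Reading through missing map levels yields false, so unknown segments deny.
	if p.allow[r.SourceSegment][r.DestSegment][r.Service] {
		return nil
	}
	return ErrNoRule
}

// DemoPolicy is a constructed three-tier segmentation: users reach the
// application tier over HTTPS, and only the application tier reaches the database.
func DemoPolicy() *Policy {
	p := NewPolicy()
	p.Allow("corp-lan", "app-tier", "https")
	p.Allow("vpn", "app-tier", "https")
	p.Allow("app-tier", "db-tier", "postgres")
	return p
}

func main() {
	p := DemoPolicy()
	requests := []Request{
		{"alice", true, true, "managed", "corp-lan", "app-tier", "https"},
		{"alice", true, false, "managed", "corp-lan", "app-tier", "https"},
		{"bob", true, true, "unmanaged", "vpn", "app-tier", "https"},
		// A workstation on the LAN reaching for the database directly is
		// exactly the lateral movement that segmentation is meant to stop.
		{"alice", true, true, "managed", "corp-lan", "db-tier", "postgres"},
	}
	for _, r := range requests {
		verdict := "allow"
		if err := p.Decide(r); err != nil {
			verdict = err.Error()
		}
		fmt.Printf("%-5s %-8s -> %-8s %-8s: %s\n", r.User, r.SourceSegment, r.DestSegment, r.Service, verdict)
	}
}
```

The order of the checks matters: a request from a trusted-looking segment is still refused when identity or posture cannot be verified, and a fully verified user is still confined to the flows the segment rules name.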

Although it’s become a necessity, a zero-trust architecture on its own is not enough. Cyberattacks continue to grow in number and evolve in complexity. For example, Log4shell, which remained undetected since 2013 in a popular open-source library, affected hundreds of millions of devices. 

In Conclusion

Zero-trust architectures can decrease the blast radius of cyberattacks such as Log4shell but cannot eradicate them. As a result, IT organizations must treat cyberattacks as a matter of when, not if, and ensure they can protect and recover their data to reduce the damage from an attack. One key place to start is to ensure your backup strategy is effective. Keep previous versions of the organization’s files in an immutable repository that is physically separate from the primary copy.


This backup must be encrypted using data encryption keys created and controlled by the organization. No third party, such as a cloud provider, should access or control them. Together, these measures will help ensure that your backups are not compromised or destroyed alongside your data in the event of an attack. 
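The backup requirements in the two paragraphs above (previous versions kept in an immutable repository, encrypted under keys the organization controls) can be expressed as a small append-only store. The Go program below is an added example, not code from CTERA or the article; it uses AES-GCM from the standard library, binds each version to its file path, refuses deletion, and verifies a restored version before returning it. The file path, contents and in-memory key are constructed for illustration; in practice the key would be issued and held by the organization’s own key management system (assumption).

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"io"
)

// Version is one retained copy of a file: AES-GCM ciphertext, the nonce used
// for it, and a SHA-256 digest of the plaintext recorded at backup time.
type Version struct {
	Nonce      []byte
	Ciphertext []byte
	Digest     string
}

// Repo models an immutable backup repository: versions are appended and read,
// never overwritten or deleted, so an earlier clean copy always survives.
type Repo struct {
	aead     cipher.AEAD
	versions map[string][]Version
}

var (
	ErrNoVersion = errors.New("no such version")
	ErrImmutable = errors.New("repository is append-only: versions cannot be deleted")
)

// NewRepo takes the 32-byte data encryption key that the organization
// generated and holds itself; the storage provider never receives it.
func NewRepo(key []byte) (*Repo, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Repo{aead: aead, versions: map[string][]Version{}}, nil
}

// Put encrypts plaintext and appends it as a new version of path, returning the
// version index. The path is bound as associated data, so a ciphertext cannot be
// swapped between files without failing authentication.
func (r *Repo) Put(path string, plaintext []byte) (int, error) {
	nonce := make([]byte, r.aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return 0, err
	}
	sum := sha256.Sum256(plaintext)
	ct := r.aead.Seal(nil, nonce, plaintext, []byte(path))
	r.versions[path] = append(r.versions[path], Version{nonce, ct, hex.EncodeToString(sum[:])})
	return len(r.versions[path]) - 1, nil
}

// Restore decrypts version idx of path. Any change to the stored bytes fails
// the GCM tag check, and the recorded digest is re-checked before returning.
func (r *Repo) Restore(path string, idx int) ([]byte, error) {
	vs := r.versions[path]
	if idx < 0 || idx >= len(vs) {
		return nil, ErrNoVersion
	}
	v := vs[idx]
	pt, err := r.aead.Open(nil, v.Nonce, v.Ciphertext, []byte(path))
	if err != nil {
		return nil, err
	}
	if sum := sha256.Sum256(pt); hex.EncodeToString(sum[:]) != v.Digest {
		return nil, errors.New("digest mismatch")
	}
	return pt, nil
}

// Delete always refuses: even an operator holding valid repository credentials
// cannot destroy earlier versions, which is the point of an immutable store.
func (r *Repo) Delete(path string, idx int) error { return ErrImmutable }

// Count reports how many versions of path are retained.
func (r *Repo) Count(path string) int { return len(r.versions[path]) }

func main() {
	key := make([]byte, 32) // assumption: in practice issued by the organization's own KMS/HSM
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		panic(err)
	}
	repo, err := NewRepo(key)
	if err != nil {
		panic(err)
	}
	path := "finance/ledger.csv" // constructed sample file
	repo.Put(path, []byte("2021-12,revenue,100"))
	repo.Put(path, []byte("ENCRYPTED BY RANSOMWARE")) // primary copy after an attack, backed up again
	fmt.Println("versions retained:", repo.Count(path), "| delete attempt:", repo.Delete(path, 0))
	clean, err := repo.Restore(path, 0)
	if err != nil {
		panic(err)
	}
	fmt.Printf("restored version 0: %q\n", clean)
}
```

Because the key never leaves the organization, a provider-side compromise yields only ciphertext, and because the store is append-only, a later backup of already-encrypted files does not displace the clean version taken before the attack.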

As cyber-attackers become more sophisticated, organizations need to stay ahead of the game and stop leaving gaps in their security. Investing in a zero-trust architecture, and maintaining well-protected backups, could very well be the key to survival in the coming decade.

Do you think zero-trust architectures need more backing? Tell us what you think on LinkedIn, Twitter, or Facebook. We’re eager to hear from you!
