By Ravi Purohit
Network security has always worried organisations, especially now that work has become largely remote. As companies have become mobile, the risk of having their applications, devices and other corporate assets compromised has increased. So, do you think a traditional cyber security model would help your enterprise stay secure?
With the recent cyber attack on tens of thousands of Microsoft’s corporate customers, enterprises have become more vigilant about how they can best secure their networks. What steps can be taken to mitigate such attacks while keeping their businesses running and supporting their clients effectively?
According to a 2019 Cost of Data Breach Report by IBM Security, the average cost of a data breach in the US stands at US$ 3.92 million. As for businesses in the Asia Pacific, Microsoft reports that cyber-crimes could cost businesses US$ 1.75 trillion. The solution is to put a much more secure and viable cyber security system in place, and that is why Zero Trust Security is the key.
But what exactly is this Zero Trust?
The zero-trust security model is not a single technology; it is a growing set of security patterns. Compared with the traditional model, it takes a pragmatic approach in which organisations grant access only to confirmed-safe users, systems, and processes, thereby keeping out bad actors looking for ways to penetrate security systems. If a breach does occur, micro-segmentation will minimise the damage that could be caused by a threat actor. This helps businesses defend against emerging threats like ransomware.
So how can Zero Trust boost an organisation’s security?
Frameworks: The first and most important step is as simple as putting frameworks in place by defining the best practices an organisation will follow to manage its cybersecurity risk. All said and done, employees need to be reassured that the organisation takes appropriate steps to ensure better security. The zero trust security model strives to make enterprises resilient to cyberthreats by continuously identifying and eliminating uncertainty in enforcing security rules. Zero Trust Architecture is designed with the realities of the current threat landscape in mind: enterprises cannot detect and block every threat, but zero trust practices can improve a business’s security posture by implementing ways to grant and control access across the network.
Micro-segmentation: This allows enterprises to easily segregate physical networks into thousands of logical micro-segments, which are then protected, lowering the risk because only those who are authorised and given access can view the information. The purpose of micro-segmentation is to reduce the attack surface to a minimum while preventing any unauthorised lateral movement. Depending on the approach used, security engineers could create secure zones to isolate environments, data centres, applications, and workloads across on-premises, cloud, and hybrid network environments.
Secure the internet network: Applications and workloads have moved to the cloud, and users access them remotely. This means that the network is no longer a secured enterprise network. Instead, it is the unsecured internet. The network perimeter security and visibility solutions employed by most businesses to keep attackers out are no longer practical or robust enough. Zero trust employs least-privilege and “always-verify” principles, offering complete visibility within the network, whether in data centres or the cloud.
Limited access to your expanding workforce: These days, enterprises do not restrict network access to just employees and customers. Many users outside the network, such as vendors servicing a system, suppliers or partners, also have access to a business’s applications and infrastructure. However, none of these non-employees should have or needs access to all the company’s applications, infrastructure or business data. A well-executed zero trust strategy allows authenticated access based on key dimensions of trust. This enables businesses to control access more precisely, even for those with elevated privileges.
Securing WFH environment: In the Covid-19 era, the risk of personal data getting leaked or a company’s systems getting compromised is no longer unusual. Overnight, businesses went remote, providing access from outside the office network to customer information and the like. In the midst of all these changes, organisations did not have much time to think about security, which gave hackers more chances to exploit their systems. Cyber-attacks on some of the biggest Indian startups like BigBasket, Juspay, Unacademy and White Hat Jr. took the industry by storm during the pandemic last year. Upwards of 50 million records were stolen, and that is big enough! With a remote workforce, the possibility of unsecured Wi-Fi networks and devices increases security risks exponentially. Without an overarching system like a zero trust framework, whether or not employees are working in a secure environment can no longer be verified or controlled.
Gone are the days when organisations could simply trust whatever exists within the network. And while the saga of attacks and data breaches continues, we should ensure that we implement cutting-edge innovation such as the zero trust model, which requires the use of monitoring solutions and automated capabilities to respond to such incidents as soon as possible.