Zero Trust Security Model

For Centero experts, zero trust is not a trendy catchphrase or the latest cool gadget in cyber security. It is a whole new way of thinking about information security, and we have decided to base our solutions strongly on its foundation. In addition to zero trust being present in our product and service offering, we aim to make the security model a part of our customers’ everyday operations and their thinking.

The Threats Are Manyfold…

Cyber security threats such as ransomware attacks and phishing scams are constantly on the news. As we all are more and more dependent on internet access, cloud services, and various endpoint devices, we are also more vulnerable to cyber attacks. Threats include but are not limited to:

  • phishing
  • identity theft
  • broken and stolen devices
  • confidentiality breaches
  • weak passwords
  • too extensive admin rights
  • user and admin mishaps
  • malware, ransomware, and viruses
  • weaknesses in network security.

…But Zero Trust Is a Powerful Protector

There is no single zero trust button to push or a zero trust application to install to take the security model to use. The main zero trust tenet is never trust, always verify, and it should be present both in technical solutions and organizational and individual-level security processes.

Zero trust is especially suited to our age, where people work in different IT environments that encompass various devices, applications, and networks. This has placed new kinds of challenges on unified endpoint management and user identity management to ensure data security.

As per Microsoft, that has embraced zero trust thinking in Microsoft 365 and other solutions, the three principles of zero trust are:

1. Verify explicitly

Verification, authentication, and authorization should be continuous for all resources and be based on all available data points: user identity, location, device health, service or workload, data classification, and anomalies, to begin with.

2. Use least privileged access

User access should be limited to so-called just-in-time and just-enough-access (JIT/JEA). That means less user privileges, strict admin rights management, and risk-based policies.

3. Assume breach

When a breach happens, its effects should be minimized. Blast radius minimization and segmenting user access are paramount, whether the breach is external or internal.

Sami Laiho was the keynote speaker in Centero zero trust webinar.

Watch our Webinar on Zero Trust

Centero webinar Zero Trust and Best Practices for Securing Endpoint Applications with renowned cyber security expert Sami Laiho is available for you to view.

Have You Ever Made a Mistake?

Zero trust is a very people-centric way to approach cyber security in opposition to the traditional way of thinking where password authentication, virus protection software, and firewall were seen as sufficient solutions.

In zero trust thinking human error is seen as a part of the equation, as it is completely rational to presume that almost every user clicks a suspicious link, opens a shady email, or performs some other unwanted action at some point.

When zero trust thinking is a shared principle in an organization, and technical solutions such as centralized access rights management, unified endpoint management, and automated application management are put to use, the users can feel a new kind of safety and freedom in the shared IT environment.

All of us make mistakes, but in a zero trust world, the consequences of the mistakes are far less dire.

Read More of Our Thoughts on Zero Trust

We have published a three-part blog series where our cyber security expert Tuukka Tiainen takes different points of view on the zero trust security model.

Nowadays IT work means you are constantly challenged for authentication in different systems, devices, and services. Generally speaking, you should always be logged into these with as low user privileges or role as possible. This way the end-user can’t harm the environment, be it accidentally or intentionally.”

Seven Steps to Implement Zero Trust in Practice

  1. Use Microsoft Maturity Model Assessment tool to quickly evaluate how ready your organization is to start using the zero trust security model. The tool evaluates your readiness in six different areas.
  1. Use strong authentication, meaning 2-factor authentication (2FA) together with single sign-on (SSO) for better information security without sacrificing good user experience.
  1. Limit admin privileges and other access rights for all users, and use a solution such as Centero Carillon to grant temporarily heightened access rights.
  1. Control application updates for a functional and safe endpoint environment with for example Microsoft AppLocker.
  1. Standardize your IT environment to make sure all users have the same update versions of applications and the same, secure configurations. Centero Software Manager is a handy tool for building a standardized environment.
  1. Use a centralized IT management service based on zero trust principles, such as Centero 365 Manager, to monitor your environment for vulnerabilities and to develop it constantly to be prepared for new threats.
  1. Watch our zero trust webinars here for in-depth information, and contact us if you have something more to ask!