The Threats Are Manifold…
Cyber security threats such as ransomware attacks and phishing scams are constantly in the news. As we all grow more dependent on internet access, cloud services, and various endpoint devices, we also become more vulnerable to cyber attacks. Threats include but are not limited to:
- identity theft
- broken and stolen devices
- confidentiality breaches
- weak passwords
- excessive admin rights
- user and admin mishaps
- malware, ransomware, and viruses
- weaknesses in network security.
…But Zero Trust Is a Powerful Protector
There is no single zero trust button to push or zero trust application to install that puts the security model to use. The main zero trust tenet is "never trust, always verify", and it should be present both in technical solutions and in organizational and individual-level security processes.
Zero trust is especially suited to our age, where people work in different IT environments that encompass various devices, applications, and networks. This has placed new kinds of challenges on unified endpoint management and user identity management to ensure data security.
According to Microsoft, which has embraced zero trust thinking in Microsoft 365 and other solutions, the three principles of zero trust are:
1. Verify explicitly
Verification, authentication, and authorization should be continuous for all resources and be based on all available data points: user identity, location, device health, service or workload, data classification, and anomalies, to begin with.
2. Use least privileged access
User access should be limited to just-in-time and just-enough-access (JIT/JEA). That means fewer user privileges, strict admin rights management, and risk-based policies.
3. Assume breach
When a breach happens, its effects should be minimized. Blast radius minimization and segmenting user access are paramount, whether the breach is external or internal.
Watch our Webinar on Zero Trust
The Centero webinar "Zero Trust and Best Practices for Securing Endpoint Applications" with renowned cyber security expert Sami Laiho is available for you to view.
Have You Ever Made a Mistake?
Zero trust is a very people-centric way to approach cyber security, in contrast to the traditional way of thinking, where password authentication, virus protection software, and a firewall were seen as sufficient solutions.
In zero trust thinking, human error is seen as a part of the equation, as it is completely rational to presume that almost every user clicks a suspicious link, opens a shady email, or performs some other unwanted action at some point.
When zero trust thinking is a shared principle in an organization, and technical solutions such as centralized access rights management, unified endpoint management, and automated application management are put to use, the users can feel a new kind of safety and freedom in the shared IT environment.
All of us make mistakes, but in a zero trust world, the consequences of the mistakes are far less dire.
Read More of Our Thoughts on Zero Trust
We have published a three-part blog series where our cyber security expert Tuukka Tiainen takes different points of view on the zero trust security model.
“Nowadays IT work means you are constantly challenged for authentication in different systems, devices, and services. Generally speaking, you should always be logged into these with as low user privileges or role as possible. This way the end-user can’t harm the environment, be it accidentally or intentionally.”
Seven Steps to Implement Zero Trust in Practice
- Use the Microsoft Maturity Model Assessment tool to quickly evaluate how ready your organization is to start using the zero trust security model. The tool evaluates your readiness in six different areas.
- Use strong authentication, meaning 2-factor authentication (2FA) together with single sign-on (SSO) for better information security without sacrificing good user experience.
- Limit admin privileges and other access rights for all users, and use a solution such as Centero Carillon to grant temporarily heightened access rights.
- Control application updates for a functional and safe endpoint environment with, for example, Microsoft AppLocker.
- Standardize your IT environment to make sure all users have the same update versions of applications and the same, secure configurations. Centero Software Manager is a handy tool for building a standardized environment.
- Use a centralized IT management service based on zero trust principles, such as Centero 365 Manager, to monitor your environment for vulnerabilities and to develop it constantly to be prepared for new threats.