Network security is a major headache for business. It almost makes one long for the days of one computer per desk and nothing connected to anything else.
Almost. Those air-gapped computers weren’t all that secure either. Sneaker networks, meaning running around with floppy discs, allowed malware to spread and sensitive files to be copied. It’s just that today’s networks with LANs, local data centers, multi-clouds, and the Internet make it really hard to know who’s sneaking in where and what they are up to.
One breach in a corporate network can run up a cost in the millions. If ransomware is involved, the bill can be a lot higher… and a lot more disruptive. What can you do? Don’t be so trustful. Make sure your system is suspicious of everybody and everything all the time. The buzzword for that is “zero trust security.”
What is Zero Trust and How is it Different?
Traditional network security is sometimes compared to a castle with a moat. The castle is your corporate network. Everybody inside the castle is considered to be friendly and trustworthy. Everybody beyond that moat is suspected to be an enemy. The drawbridge is your firewall. It works to keep the bad actors away from the castle while allowing trustworthy visitors access. It assumes that everything bad is going to come through the Internet.
There are a couple of weak links with this approach. First is that some bad actors can already be inside the castle. There are spies and infiltrators and even trusted employees that have turned rogue. Of course we want to trust our colleagues, and that’s how we get in trouble. Even worse when we automatically trust our vendors and customers.
Then there is the famous tale of the Trojan Horse. Gee, it sure looks safe enough. Let’s open the firewall and bring it in. You can just imagine some well-meaning but naive individual in your company doing just that. Of course the gullible Trojans got the worst of that deal since once the Greeks were inside they had the run of the city.
Moral of the story: It’s too easy to have your organization destroyed by one little misstep. Trust no one and no thing. Network security is not an insult to your integrity. It’s a way to make everyone more secure and prevent little slips from becoming major disasters. That means high security processes both inside and outside the network.
What Makes Zero Trust Work?
It starts with having everybody and every thing, meaning anything attached to the network, prove that it is approved for access and what they are approved for. You can’t really say that because someone has been cleared by, say, logging-on, that they should be able to access all the files and every peripheral on the net.
Oh, no. You must have a need to know for everything you want to access. That leads to segmenting the network into much small pieces that each have to be accessed separately. You may have access to one set of information to be able to do your job, but no way are you getting into some of the companies trade secrets or even financial data. Access to HR files? Fat chance… unless you are specifically authorized to see them.
Each use and each device will have a profile constructed that says what they can do and where they can do it. These lists will be used by the network administration to grant or refuse access. You may find that your access times out and you have to log in again to keep using a particular resource. Multi-Factor Authentication, like password plus a code sent to a mobile phone or a hardware key that must be plugged-in, is especially valuable for access through the Internet or to highly sensitive data.
Zero Trust Security does take some doing to implement and maintain, but it can also be the means that keeps hackers and scammers of all sorts from stealing your information or damaging your systems. Are you feeling vulnerable? Learn more about how to secure and safeguard your network and get a complementary quote appropriate for your business.