The fact is we live in a world where bad actors actively target individuals and devices for cyber-attacks, proven by the fact that in 2021, there was a 50% increase in overall attacks per week on corporate networks compared to 2020.
As an outcome, most if not all, companies must plan and execute strategies to protect themselves, their customers and their employees. This reality explains why in 2021, 41% of respondents from a global survey have plans to adopt a zero trust strategy with 72% of respondents adopting zero trust now or in the future.
What is zero trust?
First and foremost, an effective zero trust framework is a journey not a destination. Secondly, zero trust is not a switch that can be turned on with one click, but rather it’s a security strategy with multiple processes, tools and technologies all designed to protect “mobile anywhere” end users and company data at a micro level. Net, net, zero trust focuses on secure access, device management and user authentication in order to gain access to applications and data.
The good news, it is likely that you already have some of the tools and technologies that fit into a zero trust framework, but you need implement them at a micro level. So, how do you prioritize zero trust tools and technologies and how do you build out your framework?
Tools and technologies to assess and implement as a starting point
- Review your current company policies and ensure they are aligned with today’s dynamic work environments and can accommodate flexibility related to access rights and the use of personal devices.
- Apply an application/cloud/service proxy tool that “wraps” an application and isolates the application on a device.
- Protect corporate data via an endpoint management solution at a micro level ultimately mitigating concern that “big brother” is targeting personal data.
- Utilize mobile device management tools to create profiles that can delete company data if an employee leaves without impacting personal data.
- Implement micro level data protection encryption to applications and data to ensure no sensitive date is stored on a device.
Practical steps for starting or continuing a zero trust journey
- Discover your assets, including networks, servers, PCs, laptops, mobile devices, physical storage and data.
- Classify data assets, including intellectual property, customer and employee information and assets in content management systems, according to type, sensitivity and value. This exercise helps you apply appropriate data protection strategies and comply with applicable regulations.
- Implement an identity and access management solution. Look for flexibility to set identity policies and apply automation features. Choose a sustainable multifactor authentication process.
- Implement an endpoint protection solution to protect against threats such as malware, ransomware and zero-day attacks.
- Implement an email security solution with granular control that classifies email types and detects and blocks threats.
- Implement a web security solution that protects users browsing the web.
- Implement a proxy solution for applications, cloud access and/or services. A cloud access security broker (CASB) solution, for example, can address security gaps in SaaS, PaaS and IaaS.
Ready to dig into zero trust a bit more? Read our latest whitepaper, which provides more in-depth guidance on implementing an effective zero trust practice.