Burak Agca at Lookout explains the importance of informing security decisions with telemetry
Zero Trust was once at the forefront of cyber-security, paving the way for a perimeterless future. But now, it seems to be an industry buzzword, overused by marketeers to the point of becoming a cliché. We are told that we need Zero Trust, but what is it?
It’s easy to pinpoint when Zero Trust became a buzzword. Over the years, security perimeters have become obsolete as people use mobile devices and cloud applications to work from anywhere.
The pandemic was a watershed moment for remote working, accelerating the transition to a work from anywhere model with employees having to use devices outside of their companies’ network perimeter. Organisations were forced to adapt to these changes in order to stay secure.
CEOs and COOs wanted to protect their organisations as quickly as possible and Zero Trust became the strategy that most people understood as the best way to do this.
Vendors then started to explain how their solution enabled Zero Trust, or at least a concept that somewhat reflected it. The meaning of Zero Trust became warped, with most variations being a medley of products connected to virtual private networks (VPN), with elementary on-off access controls based on limited visibility.
Furthermore, a lot has changed since 2014 when Zero Trust was first coined. Data and apps have migrated to the cloud, no longer adhering to corporate file-based access or domain-oriented controls. Today, data is structured differently, if structured at all.
Collaboration and communication technology has also advanced, with endpoints no longer limited to corporate-issued devices, and the threats that endpoints face have evolved too. So, just as everything else has changed, the concept of Zero Trust must evolve as well. A modern approach to Zero Trust must be established in order to reclaim the solution that is best fit for securing the new remote working world.
Next steps: better telemetry
Many of the access products available today are not doing enough. While they check the security posture of users and endpoints at the moment they connect to the infrastructure, more needs to be done. Just because a user remembers their password, uses 2FA and has a managed device with antivirus, it doesn’t make them trustworthy.
Deep visibility into all data, apps and endpoints is what is necessary for making smart access decisions that safeguard sensitive data while still facilitating productivity.
In order to implement a modern Zero Trust architecture, changes in risk levels on all devices must be constantly tracked. This includes Android, Chrome OS and iOS devices, which are prime targets for attacks that steal login credentials and for advanced persistent threat (APT) reconnaissance.
Mobile devices, even those that are corporately issued, are rarely connected to an enterprise perimeter as they often use cellular or public Wi-Fi, and they are also exposed to vulnerabilities in their software and applications.
User behaviour analysis is needed
Users require continuous risk assessment too, as they can be just as complex: understanding how users normally behave improves anomaly-based detection. A solution that lets you see all of the organisation’s apps and data, and how they are being accessed, provides in-depth knowledge of users and their typical activity.
Detecting unusual behaviour can help identify an insider threat, or a user whose credentials have been compromised, and allows access to be controlled and the threat mitigated as needed.
While continuous assessment of your users and endpoints is essential, it is important to ensure that users have what they need to be productive while sensitive data is still safeguarded. To do this, policies can be enforced that map risk to data sensitivity.
The modern method
Organisations need a modern approach to Zero Trust, and combining security, visibility and access controls within a single platform is key.
For example, incorporating Continuous Conditional Access (CCA) allows an organisation to set policies and configurations that consider all the typical endpoint indicators, such as malicious apps or compromised devices, while the integrated access platform monitors for indicators of anomalous behaviour, such as unusual access patterns or locations.
Once this telemetry is collated, any threats can be treated appropriately: access to sensitive data can be restricted, step-up authentication can be requested, and all access can even be shut down in the case of a data breach.
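The two mechanisms described above (a behavioural baseline per user, and a continuous conditional access policy that weighs endpoint indicators and behavioural anomalies against data sensitivity) can be sketched as a small policy engine. The following Python is an added illustration written for this article, not Lookout's product code; the indicator names, weights, thresholds, sample telemetry and access history are all constructed assumptions chosen to show the decision logic, not values from any real platform.

```python
"""Toy Continuous Conditional Access (CCA) policy engine.

Added example, not Lookout's code: endpoint indicators and user behaviour
anomalies become risk levels (0 = clean .. 3 = critical), and a policy maps
those levels against data sensitivity to choose allow / step_up / restrict / deny.
All indicator names, weights, thresholds and sample data are constructed.
"""
from dataclasses import dataclass
from typing import Dict, List

# Hypothetical endpoint indicators with weights (what a mobile agent might report).
ENDPOINT_INDICATOR_WEIGHTS = {
    "malicious_app": 3,         # known-bad app installed
    "jailbroken_or_rooted": 3,  # OS integrity lost
    "os_out_of_date": 1,        # missing security patches
    "risky_wifi": 1,            # e.g. interception indicators on the current network
}

# Highest risk level each data class tolerates before step-up is demanded.
MAX_RISK_WITHOUT_STEP_UP = {"public": 2, "internal": 1, "confidential": 0}


@dataclass
class AccessEvent:
    user: str
    device: str
    country: str
    hour: int          # local hour of the request, 0-23
    sensitivity: str   # "public" | "internal" | "confidential"


def device_risk(indicators: Dict[str, bool]) -> int:
    """Turn boolean endpoint indicators into a risk level 0..3."""
    score = sum(w for name, w in ENDPOINT_INDICATOR_WEIGHTS.items() if indicators.get(name))
    return min(score, 3)


def user_risk(history: List[AccessEvent], event: AccessEvent) -> int:
    """Anomaly-based user risk from the user's own access baseline.

    +2 if the request comes from a country never seen for this user,
    +1 if the hour lies outside the user's observed window (+/- 2 h).
    A user with no history gets level 1: there is no baseline to trust yet.
    """
    past = [e for e in history if e.user == event.user]
    if not past:
        return 1
    risk = 0
    if event.country not in {e.country for e in past}:
        risk += 2
    hours = [e.hour for e in past]
    if not (min(hours) - 2 <= event.hour <= max(hours) + 2):
        risk += 1
    return min(risk, 3)


def decide(sensitivity: str, dev_risk: int, usr_risk: int) -> str:
    """Map the worse of device and user risk against the data's sensitivity."""
    combined = max(dev_risk, usr_risk)
    threshold = MAX_RISK_WITHOUT_STEP_UP[sensitivity]
    if combined >= 3:
        return "deny"        # critical risk: cut access regardless of data class
    if combined > threshold + 1:
        return "restrict"    # e.g. read-only, no download
    if combined > threshold:
        return "step_up"     # demand fresh strong authentication
    return "allow"


def evaluate(event: AccessEvent, telemetry: Dict[str, Dict[str, bool]],
             history: List[AccessEvent]) -> Dict[str, object]:
    """Combine endpoint telemetry and behavioural baseline into one decision."""
    d = device_risk(telemetry.get(event.device, {}))
    u = user_risk(history, event)
    return {"device_risk": d, "user_risk": u, "decision": decide(event.sensitivity, d, u)}


# Constructed sample telemetry and access history (not real data).
TELEMETRY = {
    "dev-clean": {},
    "dev-stale": {"os_out_of_date": True},
    "dev-malware": {"malicious_app": True, "os_out_of_date": True},
}
HISTORY = [AccessEvent("alice", "dev-clean", "GB", h, "internal") for h in (9, 11, 14, 17)]

if __name__ == "__main__":
    for ev in (
        AccessEvent("alice", "dev-clean", "GB", 10, "confidential"),   # allow
        AccessEvent("alice", "dev-stale", "GB", 10, "confidential"),   # step_up
        AccessEvent("alice", "dev-clean", "US", 10, "confidential"),   # restrict
        AccessEvent("alice", "dev-clean", "US", 3, "confidential"),    # deny
        AccessEvent("alice", "dev-malware", "GB", 10, "public"),       # deny
        AccessEvent("bob", "dev-clean", "GB", 10, "confidential"),     # step_up
    ):
        print(ev.user, ev.device, ev.country, ev.hour, ev.sensitivity, evaluate(ev, TELEMETRY, HISTORY))
```

The point of the structure is that neither signal is trusted on its own: a clean device used from an unfamiliar country at 3 a.m. is denied just as a malware-laden device is, while a merely unpatched device reaching confidential data triggers step-up rather than a block, so productivity is preserved where the risk is moderate. Real platforms derive far richer baselines, but the shape of the policy (risk level versus data class, with graduated responses) is the part worth copying.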
Zero Trust is facing a new era, and the architecture needs a redesign. By implementing an integrated security and access platform organisations can gather insights into endpoints, users, networks, apps and data, giving them complete control from endpoint to cloud.
This gives organisations invaluable knowledge, allowing them to detect threats effectively, support compliance requirements and ultimately stop breaches.
Burak Agca is a Security Engineer at Lookout