Platinum Business Magazine - issue 90

Page 70

TECHNOLOGY

THE IMPORTANCE OF ZERO TRUST Why you need dynamic user and device authentication Ancient tactic, modern threat. Assume the arrow is already over the wall. By Scott Nursten, CEO, ITHQ Centuries ago, armies might fire letters attached to arrows over the wall into a besieged city, promising a reward to anyone who opened the gates. In 2020, a Tesla employee was contacted by a Russian cybercriminal, promising to pay $1 million if they helped infect the company’s system with malware. (Luckily for Tesla, this employee blew the whistle.) The point is, an ancient tactic was used in a modern setting, highlighting the vulnerability still posed by insiders. Combatting this threat means applying the tenets of Zero Trust, based around the presumption that you’ve already been breached. If the enemy is already inside your defences, your firewall is useless. If they are disguised as someone with all areas access, how will you catch them out?

70

www.platinummediagroup.co.uk

THE OLD TRUST ZONES ARE GONE

Zero Trust is a new form of security architecture which has replaced the old ‘trust zones’ network design. As a rule, the more exclusive the access to a zone, the higher the trust. A general low-trust zone carried few access requirements. A private zone with more stringent access requirements carried higher trust, while your financial zone, for example, would be accessible to only a few people and would therefore be your highest trust zone. Trust implications might mean data wasn’t encrypted inside the highest trust zone, or that location alone would act as proof that only the right users were in there. With more attacks exploiting the trusted user, their laptop or phone, you can no longer trust authenticity of identity based on access level alone.

The answer now is to create policy decisions and enforcement points across your networks. In other words, replace trust zones with Zero Trust: controlled, conditional, dynamic access in multiple places. Your staff are trustworthy. Hackers pretending to be your staff are not Zero Trust has garnered negative reactions because people infer a lack of trust in their staff. Let’s be clear: this is not about mistrusting individuals in your building. This is about verifying that every user and device on your network is the person and device you expect it to be. Just because a person is logged in as ‘Sam’ doesn't mean it is really them. Without multifactor authentication, biometrics and additional checks, we can't determine authenticity of user or device. Standard access to your cloud-based environments and SaaS platforms, is usually via a username and password, maybe an MFA token: all of which are possible to hack. IP addresses too are no longer suitable as trusted identifi ers. The only way to authenticate reliably is at user and device level every time access is requested. Hence, the rise of Zero Trust.


Turn static files into dynamic content formats.

Create a flipbook

Articles inside

Trouble in paradise

5min
pages 99-101

Pest problems in new builds are more common than old properties

2min
page 93

Antigua: land of 365 beaches

5min
pages 94-98

Peer Learning: You are not alone

4min
pages 90-92

EU introduces new e-commerce VAT system

3min
pages 88-89

Case Study: Animondial

2min
page 87

When words fail me

3min
pages 84-86

Step on the great accelerator

3min
pages 82-83

Gateway to success

4min
pages 76-78

Gatwick is looking forward

5min
pages 80-81

How residential property developers can prepare for tax increases

2min
page 79

Trio of event partnerships

2min
page 73

The Importance of Zero Trust

4min
pages 70-72

Support Chestnut Tree House

3min
pages 68-69

170 years of excellence

9min
pages 64-67

The Pledge

5min
pages 44-47

Caring about carers

32min
pages 48-63

Ethical Accreditation

5min
pages 40-41

Meat will be the death of us

4min
pages 38-39

What can we do?

1min
pages 42-43

The EV ticking timebomb

4min
pages 36-37

The Bitcoin hazard

2min
pages 34-35

The blind lemming race to annihilation

10min
pages 22-25

Boosting skills training in sustainable industries

3min
pages 30-31

Rivers of blood

2min
page 27

The Dentalessence family

8min
pages 18-21

More water, less land

2min
pages 28-29

A bad air day

2min
page 26

Integrating the vaccinated and non-vaccinated

3min
pages 16-17
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.