Zero-trust security suggests exactly what the phrase insinuates: don’t trust anyone when it comes to cybersecurity. In a way, this goes against the nature of people and our society. Innocent until proven guilty is a principle that many of us adopt. For cybersecurity, it should be the opposite: users must be seen as guilty until their identity is proven true.
Zero-trust security isn’t a one-time measure, it’s a check that must be carried out again and again. A user cannot just be verified once and then left to roam in a network; they must be continuously verified and analyzed to ensure their behavior is consistent and that they are who they say are.
Why is zero–trust security essential today?
This approach is a logical development in the nature of cybersecurity. Previously, cybersecurity teams would build a fortress to protect the network – back in the days before remote working and the proliferation of the cloud. The fortress would be difficult to get into but, once in the gate, a user was free to wander around. They were trusted.
Nowadays, organizations’ structures are different. The traditional network has been replaced by disparate end points, partner ecosystems, SaaS applications, and thousands of devices spanning geographies and time zones. This model of working was accelerated by COVID-19, where most businesses had to enable remote working – even if it was an unfamiliar policy.
This way of working brings with it an increased risk of identity theft and therefore makes zero-trust security essential. Through phishing scams, password credential theft, and other tactics, cybercriminals are able to mine for employees’ identities. They can enter the network under the guise of a legitimate login and then wreak havoc. Zero trust goes a long way to prevent this scenario by questioning every user and action for authenticity and verification – making it much more difficult for cybercriminals to enter the network.
What does zero–trust security look like in action?
Many companies are talking about zero-trust security, but implementation is not yet wide scale. This is because zero-trust security is an amalgamation of technologies, policies, and cultural and infrastructure change. It can be tricky, for example, to tell the chairman of an organization that they are no longer trusted and that their identity must constantly be verified. Cultural understanding is a huge part of the process.
In terms of technology solutions, zero-trust security involves a plethora of technologies that work together to create an ongoing analysis of users and their behavior. Two-factor authentication and identity and access management are critical. More exciting are the innovations occurring with AI-infused identity and access management. With this technology, one can analyze a user’s behavior down to how they are typing on their keyboard or holding their mouse. The AI can then detect if there are any anomalies and demand verification or even shut out the user if suspicion is raised.
Network segmentation is also key, locking down many doors within the fortress and asking the user to verify themselves at each point. Endpoint security is also a must to combat phishing emails or malware picked up from an unsafe WiFi network, for example.
Who can you trust?
Because zero trust is inherently complex and expansive, many organizations choose to use a trust broker to mediate the process. A trusted broker acts as a third-party authenticator, sitting between the user and the organization. They use the solutions above to verify users and flag any anomalies in behavior, taking the pressure off internal security teams and allowing them to focus on more high-value, business orientated tasks rather than focusing on threat-watching.
Interestingly, trust brokers are already a standard feature on the dark web, because cybercriminals, by nature of their business, do not trust each other, and they use third-party trust brokers to mediate transactions and safeguard both parties from scams. For once, organizations can learn from cybercriminals: zero trust and suspicion must be the norm when it comes to cybersecurity.
To find out more about how we can help you, visit https://www.capgemini.com/cybersecurity-services/
Listen to our Podcast on Cybersecurity innovation: Thinking outside (and inside) the perimeter
Follow Geert van der Linden on LinkedIn and Twitter.