Digital transformation has rendered security strategies that were built around protecting the perimeter of an enterprise no longer adequate, especially in IT ecosystems in which there really are no well-defined edges anymore. It’s unfortunate, yet painfully true, that we live and work in a world in which trust is a quaint, almost archaic, quality. Nowhere is this more true than in the business world, which has grown wholly dependent on its IT infrastructures and systems.
Security becomes much more challenging when a company’s IT infrastructure extends beyond the walls of its building(s), with its networks connecting to customers, partners and third parties whose IT assets reside around the globe and in multiple public or private clouds.
Suddenly, it becomes relatively easy for hackers to access a company’s applications and data. Traditional perimeter defenses (often referred to as edge security) aren’t very effective. An organization’s anti-virus software, firewalls, user authentication programs and other long-standing security methodologies just aren’t a match for bad actors, foreign government agencies and others who spend their lives looking for ways into IT infrastructures to seize the data and other valuables that lie within.
As a result, data breaches and other malicious exploits proliferate. You may remember the ransomware attack on the Colonial Pipeline Company in 2021 that caused fuel shortages across the U.S. Hackers accomplished that with the use of a single password.1 Or the Solar Winds attack that exploited a routine software update and compromised about 100 companies (including Microsoft, Intel and Cisco) and about a dozen government agencies including the U.S. Treasury, Department of Justice, Department of Energy and the Pentagon.2 Or the 2021 data leak that exposed personal data belonging to more than 100 million Android users due to misconfigured cloud services.3
In 2010, Forrester research analyst John Kindervag introduced a new concept, which he called “zero trust.”4 In a nutshell, his concept rearranged the old maxim “trust but verify” into “never trust, always verify.” That means continuous identity verification of users, whether they are inside or outside your network perimeter. It requires monitoring of their activity to detect any unusual work patterns or areas of access, and the same for all devices being used.
Zero trust assumes that every user and device is a potential threat until proven otherwise. That sounds extreme but, unfortunately, it’s necessary. Assuming otherwise based on recognizing passwords, users and devices that have previously accessed your infrastructure before can cost you dearly.
We don’t want to ignite paranoia across your organization, but it’s important to understand that effective cybersecurity requires constant vigilance.
Here are some more fleshed out principles you can use as you consider how to implement a zero trust strategy across your IT infrastructure:
While it would be convenient if there was a single zero trust product that could be quickly and easily deployed, that’s just not the case. Zero trust is a framework, not a product. It lays out a number of tenets that, when vigorously applied, can significantly reduce damage to your organization and reputation.
Understanding what zero trust is and how its underlying principles can apply to your organization is an important step forward toward a more secure IT infrastructure. From there, you can create a multi-disciplinary team including data security, network security, user and device authentication and other pertinent experts to create a zero trust implementation to protect your ever evolving IT enterprise.
You may need outside assistance with such an initiative and there are companies that focus on the various types of capabilities that together can deliver zero trust security solutions. You can find some on CoreSite’s IT Service Provider Marketplace, including:
However you choose to proceed, the key to success is to get started now (if you haven’t already) and to make zero trust a top priority.
Read “Real-Time Cyber Threat Detection Platform Leverages AI/ML to Reduce Risk and Improve Security” to learn more about zero trust security.Know More
CoreSite partner Seceon provides cybersecurity solutions that include real-time monitoring to identify and reduce security threats for enterprises.
Download the case study today and get in touch to know more about how CoreSite can improve infrastructure security.