Zero Trust is a proven security strategy, or set of principles and solutions, based on the idea that a breach of your network is not only a possibility but a given. It means securing not only the network but every user and device.
Our Zero Trust blog series explores the different core features and facets of this approach, and why it’s so needed today. You can read more on our overview of Zero Trust, and Identity and Access Management (IdAM). In this blog we’re exploring another practical application of Zero Trust: Control and Monitoring.
Regardless of the industry you’re in, Zero Trust is a growing requirement as cyber threats continue to rise, with major organisations hit by attacks within weeks of each other, attacks that impact thousands and millions of customers.
The principles and solutions of Control and Monitoring
Control and Monitoring is a core principle of any Zero Trust strategy, enabling IT teams to grant access only to those eligible to have it. Once we are able to identify users and devices, and enable authorisation of access, we can move on to providing, controlling and monitoring access points and devices. This includes considering access for applications on-premise, in the cloud and SaaS, as well as files, servers and databases, OT devices, and the web.
In other words, once a Zero Trust framework is able to identify a user or device, the business must implement controls to grant application, file and service access to only what is absolutely required.
There are many different solutions that can be implemented to aid in the Control and Monitoring of users. For instance:
- Access Management
- Privileged Access Management (PAM)
- Password Manager
- Security Mail Gateway and Filtering (SMG)
- Secure Web Gateway and Filtering (SWG)
- Data Loss Prevention (DLP)
- Cloud Access Security Broker (CASB)
- Active Directory Security Management
- Cloud Security Posture Management (CSPM)
Breaking down three components: PAM, Micro-segmentation and DLP
Privileged Access Management (PAM) is an important component of a Zero Trust strategy, and helps to extend defence of any business beyond simple compliance. PAM tools are designed to help organisations provide secure privileged access to critical assets, and manage and monitor privileged accounts and access.
For instance, PAM solutions can allow IT teams to automatically randomise, manage and vault passwords and other credentials for administrative, service and application accounts. They control access, and isolate and monitor privileged access sessions, commands and actions.
Access control can be based on user identities, or it can utilise network segmentation. Micro-segmentation, through the likes of next-generation firewalls, can create granular and secure subsets within a network, ensuring users or devices can only connect to or access the resources and services that are relevant and needed. This method is known to reduce negative impacts on an infrastructure if a breach takes place.
The last few years have seen data protection laws explode around the globe. In fact, as of January 2021, more than 130 jurisdictions have data privacy laws, with the EU’s GDPR, Canada’s PIPEDA, and Australia’s Federal Privacy Act three of the toughest. As such, Data Loss Prevention (DLP) has become a common inclusion in a robust security strategy, particularly utilised by businesses or industries that consistently deal with sensitive or personally identifiable information.
The whole focus of DLP is to stop users sending sensitive or critical information outside of the business network. Oftentimes, a network administrator will control the data that users can transfer. The DLP solution will enable the business to define rules that will protect information. For instance, if an employee tried to forward a business email outside of the business domain, or upload a file to a consumer cloud storage service, they would be denied permission.
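As an added illustration (not code from this post or from any DLP product), the sketch below shows how the two scenarios above, an email forwarded outside the business domain and an upload to unsanctioned storage, can be evaluated against classification rules. The domain `corp.example`, the sanctioned host list, the label keywords and the card-number rule are all assumptions made for the example; it denies only content that a rule classifies as sensitive, and returns a record for every event so the decision can be monitored.

```python
import re
from dataclasses import dataclass

# Assumed values for this example; none of them come from the original post.
BUSINESS_DOMAIN = "corp.example"                  # the organisation's mail domain
SANCTIONED_UPLOAD_HOSTS = {"files.corp.example"}  # approved storage
LABEL_RE = re.compile(r"\b(confidential|internal only)\b", re.I)
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")   # candidate card numbers

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to discard random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def classify(text: str) -> set:
    """Return the sensitivity labels found in the content."""
    labels = set()
    if LABEL_RE.search(text):
        labels.add("labelled-sensitive")
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            labels.add("payment-card")
    return labels

@dataclass
class Event:
    user: str
    channel: str      # "email" or "upload"
    destination: str  # recipient address or upload hostname
    content: str

def leaves_business(ev: Event) -> bool:
    if ev.channel == "email":
        return ev.destination.rsplit("@", 1)[-1].lower() != BUSINESS_DOMAIN
    return ev.destination.lower() not in SANCTIONED_UPLOAD_HOSTS

def evaluate(ev: Event) -> dict:
    """Control: deny classified content leaving. Monitor: always return a record."""
    labels = sorted(classify(ev.content))
    action = "deny" if labels and leaves_business(ev) else "allow"
    return {"user": ev.user, "channel": ev.channel, "destination": ev.destination,
            "labels": labels, "action": action}

if __name__ == "__main__":  # constructed sample event
    print(evaluate(Event("j.doe", "email", "friend@mail.example", "Confidential: Q3 plan")))
```

The Luhn check keeps the card rule from firing on arbitrary 16-digit references, which is the kind of false positive that leads teams to switch DLP rules off.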
Control and Monitor in action
When the network is no longer sitting within the four walls of an office, security must adapt to fit. The principle of least privilege minimises the damage if devices or accounts are compromised, and helps to ensure internal and external data compliance rules and regulations are upheld. Zero Trust Control and Monitor solutions enable businesses to provide access to third parties, such as vendors, suppliers and partners, without opening up vulnerabilities to data leakage or cyber threats.
Controlling and monitoring access is crucial during a time when remote and hybrid working is the norm. The likes of PAM, Micro-segmentation and DLP help to further enhance existing security practices and solutions, ensuring even sophisticated threats or human error have less of a chance of adversely impacting the business.
While it may seem daunting to get started on a Zero Trust journey, it doesn’t have to be. Running an assessment of current security posture is the ideal place to start. This will look at a business’s maturity, identify gaps and required controls, and develop a roadmap for Zero Trust implementation. From here a business can move into design, deployment and integration, and can also consider managed services from a reputable supplier.
At its heart, Zero Trust operates on the thinking that identity is the new firewall, and granting access to a specific platform or resource doesn’t mean the user will have access to the entire network. In this way information, intellectual property, the business network and solutions are further protected.