Zero Trust in the Digital Transformation Age
In the digital transformation age, enterprises are shifting from traditional perimeter security approaches to the Zero Trust framework to protect their most sensitive networks. Centered on the belief that organizations should not automatically trust anything inside or outside their perimeters, this model demands that they verify anything and everything trying to connect to systems before granting access.
Following are five steps for building out modern architectures that align to Zero Trust:
1. Take a risk-prioritized approach. With an expanding cyber attack surface, it’s difficult to prioritize security initiatives. Instead of tackling everything, take a programmatic approach that incorporates a thorough understanding of the risk your organization faces as it relates to Zero Trust and build upon it over time. Your first priority should be securing your enterprise at the core, which starts with securing privileged access.
2. Implement multi-step authentication for business-critical assets. With powerful control of enterprise identities, Tier 0 assets must be aggressively protected. Continuous multi-factor authentication (MFA) is essential in narrowing the focus of trust for users and devices – but it shouldn’t end there. Consider introducing step-up authentication and managerial approval processes that enable the authentication of privileged users at the exact point of access.
3. Lock down privilege on the endpoint. Reduce the risk of attacks using compromised privileged account credentials by locking down privilege on the endpoint. Additionally, implement restriction models that only trust specified applications, run by specific accounts, under specific circumstances. This will help mitigate the risk of ransomware and code injection attacks.
4. Protect the privileged pathway. Monitoring the privileged access pathway prevents malicious insiders and external attackers from progressing their attack. Place tight controls around what end users can access; create isolation layers between endpoints, applications, users and systems and continuously monitor access. Innovations such as machine learning can help you to identify and respond rapidly to threats.
5. Get granular about access control. It’s essential to know who (human and non-human) has access to what assets, when and which actions they can perform. Enforce the principle of least privilege broadly, along with attribute-based access controls that combine enterprise-level policy with specific user criteria to balance security with usability.
By practicing defense-in-depth and incorporating privileged access security controls at the core of your strategy, you can achieve a true Zero Trust framework that helps drive down risk and empowers your organization to embrace transformative technologies with confidence.
Read this article and others in the Identity Insider magazine.