February 17, 2022
Increasing your Security Posture
Taking steps to implement zero-trust helps an enterprise reduce the likelihood of a successful cyberattack and the loss of data and business that follows one. According to Gallagher’s 2021 Cyber Insurance Market Conditions Report, the average business interruption cost associated with a ransomware attack was $228,000, while the average ransom was $81,000; in other words, business interruption cost on average 2.8 times the ransom itself. Furthermore, in 2021 it took businesses an average of 287 days (almost an entire year) to identify and contain a data breach.
Zero-Trust Environment Key Principles
In shaping your zero-trust environment, keep in mind the following fundamental principles:
- Assume compromise — even on “internal” networks.
- Use context and identity (“contextual identity”) as the foundation for access decisions.
- Location is not a critical trust determination, but it may be one attribute among several; network location alone should never grant access. Studies have shown that remote work increases the likelihood of a security breach.
- Encrypt data at rest and in motion.
- Monitor everything and use the monitoring to identify anomalies.
Five Basic Steps for Achieving a Zero-Trust Architecture
Although implementing zero-trust can seem daunting and expensive, it builds on the network architecture you already have. No single product delivers zero-trust; instead, the products you choose should be compatible with a zero-trust architecture and environment. A zero-trust architecture can be deployed and maintained incrementally using the five-step methodology outlined by Forrester, whose zero-trust work dates back to 2010.
- Identify the protect surface: the sensitive data and applications that most need protection. Forrester recommends a simple three-class model with public, internal, and confidential categories. Data requiring protection can then be segmented into micro-perimeters that are linked together to yield a broader zero-trust network.
- Map the transaction flows of all sensitive data to learn how it moves between people, applications, and external connections to business partners and customers. This exposes dependencies on network and system objects so they can be protected, and it often yields data-flow optimizations that improve both performance and security.
- Define a zero-trust architecture for each micro-perimeter based on how the data and transactions flow throughout the enterprise and to external partners. Software-defined networking (SDN) and segmentation enforced by physical or virtual next-generation firewalls (NGFWs) are the usual building blocks.
- Create a zero-trust policy once the network design is done. Many organizations use the Kipling Method, which addresses the who, what, when, where, why, and how of every access to the protect surface. The result is a granular layer-seven enforcement policy: only known and authorized users or applications can reach the protect surface, and anything that does not match a rule is denied. Treat every endpoint, whether company-owned or BYOD, as untrusted until its identity and posture have been verified. A component of this step is a granular identity and access management system that covers people, devices, and application processes.
- Automate, monitor, and maintain. Inspect all traffic to and around the protect surface so that anomalous flows stand out; when abnormal activity appears, examine the surrounding actions to decide whether it is an incident and feed the finding back into the policy. Automate log inspection and analysis so that data can flow without impacting operations.
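The fourth and fifth steps above can be made concrete with a small policy engine. The following is an added example written for this page, not code from Forrester or any product: each rule carries the six Kipling attributes (who, what, when, where, why, how) plus endpoint posture, a request is allowed only when every attribute of some rule matches, and anything unmatched is denied by default. The application names (`payroll-db`, `intranet-wiki`), groups, network segments, ticket prefix and the sample requests are all assumptions constructed for the demonstration. The `flag_repeated_denials` helper is a miniature of step five: evaluating a batch of requests and surfacing identities that keep being denied.

```python
"""Added example: Kipling-method zero-trust policy evaluation with default deny.

Illustrative code only; application names, groups, segments and the
ticket prefix are assumptions made for this example.
"""
from __future__ import annotations

from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional


@dataclass(frozen=True)
class AccessRequest:
    """One access attempt: the six Kipling attributes plus endpoint posture."""
    who: str                 # authenticated identity from the IdP
    groups: frozenset        # group claims carried in the IdP token
    what: str                # target application on the protect surface
    when: datetime           # request time (UTC)
    where: str               # source segment / micro-perimeter
    managed_device: bool     # endpoint posture: enrolled and compliant
    mfa: bool                # strong authentication was performed
    why: str                 # declared purpose, e.g. a ticket reference
    how: str                 # layer-7 action, e.g. "HTTPS POST"


@dataclass(frozen=True)
class Rule:
    """An allow rule for one protected application. Unmatched requests are denied."""
    what: str
    who_groups: frozenset            # requester must hold at least one of these
    hours_utc: tuple                 # allowed window (start, end), end exclusive
    where: Optional[frozenset]       # allowed source segments; None = not a gate
    require_managed: bool
    require_mfa: bool
    why_prefix: str                  # "" means no ticket reference required
    how: frozenset                   # allowed layer-7 actions


def rule_permits(rule: Rule, req: AccessRequest) -> bool:
    """Every attribute must match; a single mismatch fails the rule."""
    start, end = rule.hours_utc
    return (
        req.what == rule.what
        and bool(req.groups & rule.who_groups)
        and start <= req.when.hour < end
        and (rule.where is None or req.where in rule.where)
        and (req.managed_device or not rule.require_managed)
        and (req.mfa or not rule.require_mfa)
        and req.why.startswith(rule.why_prefix)
        and req.how in rule.how
    )


def decide(policy: list, req: AccessRequest) -> str:
    """Return 'allow' if any rule permits the request, otherwise 'deny' (default deny)."""
    return "allow" if any(rule_permits(r, req) for r in policy) else "deny"


# Assumed protect surface: a confidential payroll database and an internal wiki.
POLICY = [
    Rule("payroll-db", frozenset({"hr-payroll"}), (7, 19),
         frozenset({"hr-vlan", "vpn-pool"}),
         require_managed=True, require_mfa=True, why_prefix="PAY-",
         how=frozenset({"HTTPS GET", "HTTPS POST"})),
    # Internal wiki: location is logged but not used as a gate (where=None).
    Rule("intranet-wiki", frozenset({"employees"}), (0, 24), None,
         require_managed=False, require_mfa=True, why_prefix="",
         how=frozenset({"HTTPS GET"})),
]


def flag_repeated_denials(policy: list, requests: list, threshold: int = 3) -> dict:
    """Step five in miniature: identities denied at least `threshold` times in a batch."""
    denials = Counter(r.who for r in requests if decide(policy, r) == "deny")
    return {who: n for who, n in denials.items() if n >= threshold}


def sample_requests() -> list:
    """Constructed requests for the example (not real log data)."""
    t = datetime(2022, 2, 17, 10, 30, tzinfo=timezone.utc)
    late = datetime(2022, 2, 17, 23, 5, tzinfo=timezone.utc)
    hr = frozenset({"employees", "hr-payroll"})
    staff = frozenset({"employees"})
    return [
        AccessRequest("alice", hr, "payroll-db", t, "hr-vlan", True, True, "PAY-1042", "HTTPS GET"),
        AccessRequest("alice", hr, "payroll-db", t, "hr-vlan", True, True, "PAY-1042", "HTTPS DELETE"),
        AccessRequest("alice", hr, "payroll-db", late, "hr-vlan", True, True, "PAY-1042", "HTTPS GET"),
        AccessRequest("bob", staff, "intranet-wiki", t, "coffee-shop-wifi", False, True, "", "HTTPS GET"),
        AccessRequest("bob", staff, "payroll-db", t, "hr-vlan", True, True, "PAY-1043", "HTTPS GET"),
        AccessRequest("mallory", hr, "payroll-db", t, "guest-wifi", False, False, "", "HTTPS POST"),
        AccessRequest("mallory", hr, "payroll-db", t, "guest-wifi", False, False, "", "HTTPS POST"),
        AccessRequest("mallory", hr, "payroll-db", t, "guest-wifi", False, False, "", "HTTPS POST"),
    ]


if __name__ == "__main__":
    for req in sample_requests():
        print(f"{req.who:8} {req.what:14} {req.where:17} {req.how:13} -> {decide(POLICY, req)}")
    print("repeated denials:", flag_repeated_denials(POLICY, sample_requests()))
```

Note the two design points the example is meant to show. First, a request from a valid payroll user on the right VLAN is still denied when any one attribute is off (an unapproved HTTP method, an out-of-hours request), because the policy is a conjunction, not a checklist of mostly-satisfied conditions. Second, the wiki rule sets `where=None`: location is still recorded on the request for monitoring, but it does not decide access, which is the "one attribute, not the determinant" stance from the principles list.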
Help with Zero-Trust
An IT security assessment of your environment is a practical starting point for zero-trust. An assessment pinpoints the areas that need improvement and produces a roadmap for raising your overall security posture. Our security experts review not just IT security but your overall infrastructure to help you achieve zero-trust within your budget and time constraints. Contact us for a free initial consultation.