Time is of the Essence: Putting Zero Trust into Practice Today

By PJ Kirner, CTO at Illumio

The Covid-19 pandemic brought with it a rise in remote work and accelerated cloud migration, leaving security teams to grapple with newfound cybersecurity challenges.

With the widening and evolving threat landscape organisations are increasingly turning to a Zero Trust framework – an industry best practice predicated on “assume breach” and “least privilege” principles – to enhance business resilience and protect critical assets across on-prem and cloud environments.

To those just starting out on their Zero Trust journeys, the road ahead may look complex. But by starting small and protecting your most high value assets first, your organisation will be able to safeguard your most critical resources in no time. Here’s what you need to know about Zero Trust, and how to get started.

Why is Zero Trust Important?

Remote working is here to stay, with a Chartered Institute of Management (CMI) study finding that 80 percent of firms have adopted hybrid working. But the work-from-anywhere model has also introduced a range of new security challenges – including an uptick in the number of endpoint devices organisations must manage (such as laptops or mobile phones), and introduced new threat vectors and vulnerabilities that firms must combat.

Accelerated cloud migration and the rise of multicloud has created even more IT complexity. In fact, a recent Forrester survey found that 63 percent of security leaders agreed they were “unprepared” for the increased pace of cloud transformation that the Covid-19 pandemic introduced. For many, the rush to the cloud also introduced new gaps between data centres and cloud infrastructure. Today teams often discover and patch these holes too late, only after attackers have exploited them to gain access to the enterprise.

At a time when ransomware and cyberattacks continue to rise in severity, there is no point questioning if an attack will take place. Breaches are inevitable. If they haven’t already, they’re bound to occur. The more pertinent questions are: When will the next breach occur, and how serious will the damage to my organisation be?

Firms must focus on bolstering their security posture now in order to limit the impact of future attacks. Zero Trust is an essential proactive security mindset that empowers businesses to remain resilient in the face of today’s evolving threat landscape.

Advancing Your Zero Trust Journey.

The first stage of the Zero Trust journey is to start by “assuming breach”. Behave as though an attacker or an unknowing insider has already put your organisation at risk. Additionally, use “least privilege” policies to limit non-essential access and ensure user accounts can only interact with the data they need. By limiting access, you’re putting preventative safeguards in place to minimize risk from the start.

From there, focus on enhancing visibility across your environments – you can’t secure what you can’t see. To determine which pathways and infrastructure are most at risk, you must fully assess

your organisation’s risk landscape. Then, you can determine which assets to safeguard first and discern where to implement security controls to minimize unnecessary lateral movement.

Going Forward.

Time is of the essence for organisations looking to bolster resilience in cyberspace. Cybercriminals are continually refining their tactics and toolkits, and with more employees working remotely, the risk posed by unknowing insider threats makes the threat landscape even more daunting. It’s not just “bad actors” or malicious threats organisations must worry about today, it’s unknowing and well-intentioned employees too. One wrong click or one infected laptop can put the whole enterprise at risk.

Successful breaches are becoming increasingly harmful and frequent. According to research from IDC, more than one third of organisations worldwide experienced a ransomware attack or breach that blocked access to critical systems or data in the last 12 months. Even worse, most organisations hit by ransomware last year paid the ransom (only 13 percent did not).

This is why, according to Forrester, 78 percent of firms plan to enhance their Zero Trust security operations over the next year. Not only is the cost of ransomware rising, but its success rates are climbing as well – and Zero Trust is a trusted, proven strategy designed to provide firms with dynamic defence in-depth. As the threat landscape becomes more volatile and breaches increasingly become the norm, it’s clear that the time to get started with – or accelerate – your Zero Trust journey is now.

By Federica Monsone, founder and CEO of A3 Communications, the data storage industry PR agency.
By Amit Dhingra, Executive Vice President at NTT Ltd. Network Services.
By Dan Gora, Cloud Security Architect & Regional Discipline Lead at Eviden, an Atos company.
By Manu Puthumana, Vice President - Cyber Defense Services, Mphasis.
BY Alex Jones, Director of Kubernetes Engineering at Canonical.
By Robin Tatam, Senior Director of Product Marketing at Puppet by Perforce.
Zeki Turedi, Field CTO Europe, CrowdStrike