Uncertainty causes stress. That’s why humans have been so afraid of the dark since the beginning of time – we are never sure what’s out there.
If you know what is going to happen, for better or for worse, you may be able to prepare yourself, or you may be able to relax – however, your stress levels will be reduced just from the fact of knowing what will happen.
IT is no different – uncertainty causes all harm. If you do not know who your enemy is, or if you cannot identify a threat entering your network, you cannot protect yourself.
Threat levels have crossed a threshold of uncertainty and risk that organizations are no longer able to handle. As a result, the only solution is to close the gates and build security posts all around, ensuring that nothing can pass unnoticed and unauthenticated.
This is zero trust.
Take it Step By Step
In an interview, Zero Trust creator, John Kindervag and an advisor on implementation mentioned that one of the most significant problems organizations are dealing with is they try to do everything. This is a common misconception. Occasionally, he observes companies trying to zero trust their website, which contains content you want people to access. Kindervag concludes that Zero trust can be built step by step, and not everything needs Zero Trust.
Let’s examine what are the main and most impactful steps:
First step: Light Every Corner of IT
From its perception, it’s a way to shed light on everything and leave uncertainty outside the perimeter gates.
To achieve Zero Trust and relieve the related pain, the first step is visibility – shedding light on everything.
In a report released by Fedscoop, surveying federal agencies, 4 in 10 respondents at large agencies, 20% at medium size agencies, 32% at small agencies and said they need more visibility in gaps that must be closed to achieve zero-trust.
Qualys Vulnerability scanner can be a significant first step into Zero Trust, enabling you to see and map everything on your network and locate gaps.
Step 2: User Control
Respondents in the Fedscoop survey said they lack data management skill hindering their agency in implementing zero-trust. They also mention the lack of security engineering skill (39%), and that implementing user controls will be the most resource consuming pillar for building zero trust.
Delinea PAM solutions are a great first step to bridging the users’ access permission gap. Delinea offers a All-in-one solution for least privilege management, threat intelligence, and policy-driven application control.
Step 3: Authentication
Another critical aspect of a zero-trust strategy is multifactor authentication (MFA) to verify the identity of users before granting access to resources. MFA combines something the user knows (such as a password), something the user has (such as a security token or phone), and something the user is (such as biometric data) to confirm the identity of the user.
Utilizing Yubikey is a user-friendly way to gain trust and take a large step toward Zero Trust.
In addition to MFA, a zero trust strategy may also involve using network access control (NAC) systems, which continuously monitor and verify the identity and trustworthiness of devices attempting to access the network.
NAC systems can be configured to block access to devices that do not meet specific security criteria or that have been identified as potentially compromised.
To conclude the first critical steps to be taken:
- Identify your assets & Map your assets – with Qualys
- Implement multifactor authentication – with Yubikey
- Implement network access control and PAM – With Portnox and Delinea