Despite these challenges, companies can still implement zero trust models if they work with partners that enable them to put some best practices in place. Here’s what organizations should look for to get started:
It’s fundamental to ensure that users are who they say they are when implementing a zero trust model. Since zero trust grants no implicit trust to any user, organizations should require users to confirm their identity in more than one way when securing their hybrid workforces.
Multi-factor authentication means that users must provide two or more of the following to gain access to networks and applications:
- Something they know (password)
- Something they have (token, smartphone)
- Something they are (face ID or fingerprint)
Many companies are adopting passwordless strategies, such as FIDO2-compliant security keys. For example, companies can use Windows Hello, which supports fingerprint recognition, a PIN, or facial recognition through the PC’s camera.
Endpoint security monitoring enables organizations to ensure that devices connecting to their networks are not compromised. Every computer and server is a potential entry point that threat actors can use to deploy malware and launch ransomware attacks. Further, with employees working remotely, a single accidental click on a link or attachment in a phishing email can compromise a device.
Companies that implement zero trust use device attestation and endpoint security monitoring to mitigate these risks. Device attestation means that the device must meet the organization’s security requirements prior to being connected to applications and networks. Endpoint security monitoring gives these organizations a way to set baseline controls and review endpoints to ensure that they have not been compromised.
Identity and access are fundamental to your security perimeter. By limiting access, organizations can mitigate insider threat risks and make it more difficult for threat actors to reach sensitive data. Limiting access also stops employees from opening sensitive documents that aren’t meant for their eyes.
Continuous Monitoring and Response
Even with continuous authorization, authentication, and attestation, companies still need to monitor their threat landscape continuously. Security Operations Centers (SOCs) continuously monitor an organization’s systems and networks, looking for abnormal activity that indicates an attack in progress or a successful compromise. For example, they might notice a high volume of failed login requests against the same account in a short time span, indicating a brute force attempt.
SOC teams that can detect new risks effectively and respond rapidly will reduce the time threat actors spend in the organization’s environment (their dwell time). By reducing that time, SOC teams ultimately limit cybercriminals’ ability to steal data or deploy ransomware.
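The failed-login pattern described above, as an added example that is not part of the original article: a small sliding-window detector in Python run over a few constructed authentication log lines. The log format, its field names, and the threshold of five failures within one minute are assumptions chosen for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth log (assumed format; not from any real system).
SAMPLE_LOG = """\
2024-03-05T09:00:01Z auth result=FAIL user=alice src=198.51.100.7
2024-03-05T09:00:04Z auth result=FAIL user=alice src=198.51.100.7
2024-03-05T09:00:06Z auth result=FAIL user=alice src=198.51.100.7
2024-03-05T09:00:09Z auth result=FAIL user=alice src=198.51.100.7
2024-03-05T09:00:11Z auth result=FAIL user=alice src=198.51.100.7
2024-03-05T09:00:12Z auth result=OK user=bob src=203.0.113.5
2024-03-05T09:20:00Z auth result=FAIL user=bob src=203.0.113.5
2024-03-05T09:31:00Z auth result=FAIL user=bob src=203.0.113.5
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth result=(?P<result>\w+) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

def parse_line(line):
    """Return (timestamp, result, user, src) or None for a malformed line."""
    m = LINE_RE.match(line)
    if not m:
        return None  # skip bad lines instead of crashing the pipeline
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ts, m["result"], m["user"], m["src"]

def detect_bruteforce(log_text, threshold=5, window=timedelta(minutes=1)):
    """Map each account whose failed logins reach `threshold` inside any
    sliding `window` to the time the alert first fired."""
    recent = defaultdict(deque)  # user -> failure timestamps still in window
    alerts = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec[1] != "FAIL":
            continue
        ts, _, user, _ = rec
        q = recent[user]
        q.append(ts)
        while q and ts - q[0] > window:  # evict failures older than the window
            q.popleft()
        if len(q) >= threshold and user not in alerts:
            alerts[user] = ts
    return alerts

if __name__ == "__main__":
    for user, when in detect_bruteforce(SAMPLE_LOG).items():
        print(f"ALERT brute-force suspected: user={user} at {when.isoformat()}")
```

Bob’s two failures are spread over more than a minute and never reach the threshold, so only alice is flagged; in production the same logic would typically key on source address as well as account.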