Let's talk about Zero Trust Architecture. Zero Trust is a strategic initiative that eliminates trust from an organization’s network architecture in order to prevent data breaches. The basic principle is “never trust, always verify.” Zero Trust protects digital business environments by enforcing network segmentation, preventing lateral movement, providing Layer 7 threat prevention, and implementing granular user-access control. Zero Trust architecture is an option for organizations that want to prevent data leaks and lower the risk of cyberattacks.
The majority of businesses use traditional security architecture, typically adopting the incorrect (and unsafe) assumption that anything contained within their own network is trustworthy. But the truth is that security threats can arise quickly from inside the network, and with more intelligence than ever before.
Why Zero Trust?
As Steven Prentice explained in the most recent Cloud Security Tip, “People working from anywhere on any device, and data racing around networks and to and from the cloud means there is no single fortress where everything can exist safely. Operating on a belief that everything inside the perimeter is safe because it’s inside the perimeter is no match to today’s hacking, penetration, and insider sabotage.”
According to a study conducted by the Ponemon Institute and sponsored by IBM:
- 60 percent of breaches impact small-to-medium-sized organizations.
- The 2018 global average for breached records was 24,615 per country.
- 31,465 records were breached in the United States in one year.
- The average size of a data breach rose by 2.2 percent in 2018.
- In 2017, the number of significant breaches in the US was more than 1,300.
And contrary to popular belief, these breaches are not just the result of cybercriminals breaking in. A lot of breaches start on the inside, which is why it is so important for organizations to protect themselves from the inside out.
Implementing Zero Trust
As Steve explained, organizations need to establish new perimeter protections, including microtunnels and MFA, for new cloud deployments. But not only that: organizations must still somehow factor these new measures into an existing architecture without those new measures becoming more inconvenient or vulnerable than what they are trying to replace.
It’s also important for leaders to define what zero trust means within their organization and learn what it means to other organizations, since there is presently no clear or unified definition across the industry — merely an agreement about the philosophy. When implementing and using zero trust technologies and practices, leaders must be sure there is clear communication with any other organization involved, since their definition of “zero trust” might look drastically different.
A great way to get started with Zero Trust is to configure your OpenVPN Access Server to allow LDAP Active Directory authentication. From there, you can apply specific settings to your Access Server users to determine who can log on and what information they have access to. By configuring Access Server in this way, you are heading in the right direction towards “never trust, always verify.”