Protect your data with zero-trust networks
Threats lurk everywhere. Most organizations, understandably, are focused on external attacks. But that may mean internal attack vectors exist that don’t get the attention they deserve.
After all, it only takes one successful phishing email for a bad actor to gain access and start causing mischief inside your company's network. And let's remember that there are also disgruntled, departing and former employees who retain access to organizational networks and may choose to engage in malicious or money-motivated actions.
ChatGPT training built for everyone
A study by Beyond Identity discovered that 83% of former employees maintain access to one or more proprietary accounts after leaving a company.
Harmful actions committed by former employees included:
- 56% harmed their former employer in some way
- 25% took client information
- 24% took financial information
Then there is the potential security weakness accompanying the work-from-home movement and the complexity of modern supply chains and customer relationships. Who is to say a child, a spouse or a neighbor won’t be able to access the home Wi-Fi networks of employees? And who can guarantee that the access rights granted to customers and partners won’t be abused, mismanaged or misconfigured?
What is the answer to secure access?
It very well could be zero-trust network access (ZTNA). ZTNA encompasses technologies that enable secure access to internal applications. It involves using granular policy management to grant access — on a least-privileged basis — so that verified users can connect securely to private applications while protecting the network and avoiding exposing apps to the internet.
“Workloads, applications, services and storage continue to shift to the cloud, making it more difficult for IT organizations to secure and control information, which is increasing the risk of security threats,” said Michael Wood, CMO of Versa Networks.
“A solution to mitigating security exposures in this multi-cloud environment is to shift ingress protection to the firewall as a service and combine this with services such as ZTNA.”
A closer look at the ZTNA framework
Zero trust is all about securing IT infrastructure and data via a framework that can safeguard remote workers, hybrid cloud environments and IT in general. It works on the assumption that any network is always at risk of either internal or external attacks.
“The theme of 2022 is to secure your users and your infrastructure secrets with zero-trust network access,” said Darren Guccione, CEO and co-founder at Keeper Security.
Zero trust means an individual is not given trust just because they are on the network. Those users must prove who they are and are given only limited access to the systems needed to perform their specific tasks.
Beyond safeguarding and vetting individual human identities, the next frontier of ZTNAs is now verifying machine identities, such as the specific device and browser used to gain network access.
Phishing simulations & training
The four most impactful ways ZTNAs are changing security now
1. More secure VPN alternatives
Traditional VPNs for remote users rely upon complex network-to-network approaches that are difficult to secure. The solution is to build a secure software-defined perimeter based on zero trust.
For example, Network Address Translation (NAT) maps IP addresses from one group to another to prevent the network’s internal IP address from being exposed.
As DH2 co-founder and CEO Don Boxley explained, “You can use ZTNA tunnels to seamlessly connect all your applications, servers, IoT devices and users behind any symmetric Network Address Translation (NAT) to any full cone NAT without having to reconfigure networks or set up complicated VPNs.”
2. Improved identity and access management
Password management is broken in many organizations.
Users are rebelling more and more against all the rules, complexities and pains inherent in password management — and they are getting sloppier. According to research from Bitwarden:
- 84% of Americans reuse passwords across multiple sites
- 55% rely simply on memory to manage passwords
- 21% reset passwords either daily or multiple times a week
Improved identity and access management (IAM) also go beyond people.
“Initiatives like zero trust also require machines to have strong identities that need to be managed,” said Chris Hickman, CSO of Keyfactor. “This continues to drive the adoption of certificates across the enterprise, and as with identity for people, machine identities also need consistent management to mitigate risks.”
3. Better data protection
In addition, ZTNA has a positive impact on overall data protection. It helps prevent data exfiltration and better manages organizational IP and confidential information.
With the move away from on-premise computing to multi-cloud and hybrid-cloud environments — and away from monolithic applications to modern microservices — many more devices and applications are connecting to organizational networks than ever. This has necessitated a surge in IT infrastructure secrets, such as certificates, API keys and Remote Desktop Protocol (RDP) credentials. All must be protected.
“Securing human users with zero trust network access is critically important, but so is securing infrastructure secrets that unlock access to highly privileged systems and data — and enabling devices and apps to leverage cloud resources and execute sensitive business processes,” said Guccione.
For example, threat actors stole many code-signing certificates during a recent Nvidia breach. These certifications are now being used to spread malware in the wild.
Zero trust contains tools designed to lock down assets using the same console used to manage IAM.
4. Enhanced multifactor authentication
In addition to securing network connectivity for their distributed workforces, organizations must ensure that third-party vendors and business partners can securely connect to needed network resources.
Phishing simulations & training
A zero-trust approach includes strong user and device authentication, role-based access control (RBAC) with least-privilege access and comprehensive password security, including strong passwords for every user account and multi-factor authentication (MFA), added Guccione.
Once you clearly understand data across your organization, the next step is to leverage this data to reduce attack surfaces as much as possible.
One way to do so is to implement identity-based zero-trust architecture and MFA. This approach requires all users, whether in or outside the organization’s network, to be authenticated, authorized and continuously validated for security configuration and posture before being granted or retaining access to applications and data.
This includes real-time prevention of identity-based attacks by leveraging conditional access policies.
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
In this Series
- Protect your data with zero-trust networks
- Digital identity management: Balancing usability, security and privacy
- Why aren’t more women in cybersecurity, and how can we fix it?
- ChatGPT and the strengths and limitations of cognitive AI
- Cybersecurity automation: Tips to do it right in your organization
- Advancements in online safety: Combating cyberbullying and protecting vulnerable communities
- How small and medium businesses (SMBs) can fast-track a disaster recovery plan
- What it takes to qualify for the US Cyber Games team
- The changing role of a ransomware negotiator
- Protecting K-12 schools from cyber threats: The case of Vice Society
- A deep dive into GitHub's security strategies
- Data storage security isn't working: Here are 5 ways to improve
- 3 cybersecurity automation tools that your IT department needs now
- One phishing attack could expose your entire hospitality network
- Privacy compliance and security: Are you collecting too much data?
- API security best practices: What you need to know
- Considerations when using open source to build an identity system
- Security as a service: 11 categories you should know
- The impact of open source on cybersecurity
- Cybersecurity jobs are in demand. C-level IT executives needed!
- 6 cybersecurity truisms the industry needs to rethink
- 2022 cybersecurity spending trends: Where are organizations investing?
- Will corporate support for Fast ID Online [FIDO] mean mass adoption? If so, what does that mean for security and identity?
- Twitter’s cybersecurity whistleblower: What it means for the community
- Top 5 cybersecurity questions for small businesses answered
- What Is zero-trust security, and should your business adopt it?
- What’s next in cybersecurity: Predictions from Andrew Howard
- How training employees about ransomware can mitigate cyber risk
- Today’s IT job market: Beyond fear, uncertainty and doubt
- Third-party authentication (OAuth): Good or bad for security?
- Two basic actions that reduce enterprise cyber risk by 60%
- 4 key takeaways from the 2022 Verizon DBIR report
- Four examples of human error in cybersecurity — and how to fix them
- Five ethical decisions cybersecurity pros face: What would you do?
- How to become an ethical hacker: Tips from Offensive Security CEO Ning Wang
- Shaking up security awareness: How one organization is building a culture of security
- Security Culture: TikTok CISO says this trend is here to stay
- IT skills advice from IDC's IT education and certifications expert
- Managing a security awareness program: Carrots, sticks, and repeat offenders
- Reducing IT’s carbon footprint: Good for business as well as the environment
- How Booz Allen Hamilton keeps their security team secure and compliant in a hybrid world
- 5 tactics to improve cybersecurity hiring results
- Top 9 effective vulnerability management tips and tricks
- SOC integration: Creating a well-built portfolio vs. a frankenstack
- Cybersecurity hiring: Why employer and higher ed collaboration is key
- After certification: Investing in employees' cybersecurity career pathways
- Where do ransomware, cyber education and cyber insurance intersect?
- Could psychology be the key to cybersecurity awareness? Research points to yes
- How IT pros can keep their organization on the cutting edge
- Cyber talent diversity: It's time to redefine the face of security
- Cybersecurity and Windows 11: What you need to know
We’ll customize our demo to your
- Security awareness goals
- Existing security and employee training tools
- Industry and compliance requirements
Industry insights
Digital identity management: Balancing usability, security and privacy
Industry insights
Why aren’t more women in cybersecurity, and how can we fix it?
Industry insights
Industry insights
Cybersecurity automation: Tips to do it right in your organization