InfoGuard AG (Headquarter)
Lindenstrasse 10
6340 Baar
Switzerland
InfoGuard AG
Stauffacherstrasse 141
3014 Bern
Switzerland
InfoGuard Deutschland GmbH
Landsberger Straße 302
80687 Munich
Germany
Zero trust is a security model fit for today’s demands. However, getting started requires a rethink and a departure from some cherished concepts – including that of perimeter-focused security. This alone is reason enough to take a closer look and explain why companies should be looking to implement a zero trust philosophy as soon as they can. This blog post, and others to follow later in the year, will take you on a journey into the world of zero trust!
The increasing popularity of cloud and edge computing combined with hybrid working models requires a rethink of cyber security. The traditional approach with defined security boundaries that distinguish between “trusted” and “untrusted” communication is no longer sufficient. Today, ever-more employees work remotely and are thus active outside the previous “fortified office walls” and perimeters. Moreover, in addition to the core workforce, mobile workers, hybrid employees and third-party partners often need access to business applications and data. The use of BYOD and cloud services is also on the increase, which means that large parts of the company’s data traffic are no longer protected by perimeter-based security. Contemporary cyber security therefore requires greater speed and flexibility to stay one step ahead of cyber criminals. This increases resilience and enables the full operational capability to be quickly restored.
The biggest problem with perimeter-based security is that it is static. Over the years, applications, devices and users have outgrown traditional corporate boundaries and are therefore no longer trustworthy in architecture terms. The fundamental flaw of perimeter-based security is that everyone accessing resources from within the secure perimeter is trusted – an outdated assumption, as there are many internal as well as external threats, as evidenced by the various types of insider threats – both malicious and negligent. To remedy this, companies should use the zero trust model.
Verification of identity, devices, networks, applications and workloads as well as data must become the new security perimeter. The zero trust model is based on these pillars, which works on the basic idea of trusting no one until their trustworthiness (identity, devices, networks and applications) has been verified in context (applications, workload and data). Zero trust thus puts all users, devices, applications and communications on the same security footing and explicitly classifies them as untrusted until they are verified. This verification is carried out continuously, which means that a time limit is placed on the trustworthiness. The security model also uses the principle of least privilege (PoLP) to limit what a user or device can gain access to.
In this way, a zero trust framework protects confidential company data, regardless of whether the threat comes from inside or outside the company. Whether ransomware is smuggled in from outside, employees are working in their home office, problems occur in the supply chain or partner companies have security loopholes – zero trust ensures that data is processed securely. However, the introduction of the concept requires a change in thinking in order to effectively secure IT systems and corporate data in the future.
Continuous monitoring gives companies precise tools that can be fine-tuned to protect the four strategic business areas.
The zero trust model helps organisations build an effective and adaptive security model, especially to meet the complex demands of today’s hybrid working. If you do not yet have a strategy for implementing zero trust, we recommend that you develop one now and create an associated strategic roadmap. The path to zero trust is a gradual process that can take years to implement.
The strategy should involve a zero trust cyber security framework that includes the following dimensions: identities, devices, applications and workloads, data, network and architecture, governance, automation and orchestration along with visibility and analytics capabilities. Take advantage of the experience and expertise of specialists like InfoGuard!
We will support you in developing your zero trust strategy, the corresponding architecture, the selection and configuration of suitable security solutions as well as the operation and monitoring of your infrastructure around the clock.
Get in touch – we will be happy to be at your side on your zero trust journey!
Integrating a zero trust model into the current IT environment takes time and effort. However, positive effects can be achieved that go far beyond traditional network perimeters and can cover any aspect of securing a company very effectively.
Zero trust is also not possible with a single solution. Instead, it requires a comprehensive approach that takes into account the complex interplay of identity, devices, networks, applications and workload as well as data. If a move into Security Service Edge (SSE) and the use of multiple cloud-based zero trust techniques are also envisaged, the time and resource requirements increase further. It is important to have a high degree of modularity in the chosen zero trust technique during the planning phase in order to meet the challenges of the constantly evolving cyber threats.
We recommend starting with small implementations and proceeding in manageable steps. An example of a procedure for implementing zero trust could look as follows:
The InfoGuard “Zero Trust Readiness Assessment” is exactly the right starting point for identifying risks and weaknesses in the current zero trust strategy or its implementation! We will show you for instance which good practices have not yet been sufficiently defined or implemented in your zero trust strategy. Discrepancies are assessed in terms of their risk criticality. Prioritised recommendations for action are developed on this basis and presented in the form of a solution path. Interested? Then we look forward to receiving your enquiry:
We will explain how zero trust can be used in cyber security, cloud, IoT and OT infrastructure, supply chain or development, for example, in another post in a few weeks. Make sure you don’t miss it by signing up for our blog update right away!