Intelligent CIO North America Issue 18 | Page 34

EDITOR’S QUESTION
MIKE EAST, VICE PRESIDENT OF SALES, MENLO SECURITY

Today’s ‘work from anywhere’ culture, largely a result of the pandemic, means the world of work has become highly connected and highly digitized. According to Gartner, the growing adoption of cloud applications combined with a more mobile workforce has made the browser the most important productivity tool in the business. Given the current threat landscape, this presents a real challenge.

Where companies are increasingly moving to the cloud and adopting SaaS solutions, they are experiencing attacks outside of the safety of the corporate network.
Firms have moved from having an easily defensible, centralised perimeter to going directly to the Internet, bypassing network security and exposing a series of new vulnerabilities.
Unfortunately, many continue to rely on the same approach of ‘detect and prevent’. Blocking an attack and then detecting a breach once it’s occurred is failing this new model and means organizations simply cannot keep up with sophisticated browser-based attacks.
Zero Trust is the principle that allows security teams to overcome the ingenuity of even the most malicious attackers. Traditional security models operate on the outdated assumption that everything inside an organisation’s network should be trusted.
Under this broken trust model, it is assumed that a user’s identity is not compromised and that all users act responsibly and can be trusted.
But many of the most damaging cyberattacks in recent times, such as the SolarWinds breach, were allowed to happen because of the simple fact that once hackers gained access inside corporate firewalls, they were then able to move laterally through internal systems, access and exfiltrate data, and elevate privileges, all, importantly, without any real resistance.
Zero Trust addresses this, leading the shift away from legacy ‘castle and moat’ solutions and removing many of the issues associated with detection-based security technologies.
It takes a default ‘deny’ approach to security that is rooted in the principle of continual verification.
It recognises ‘trust’ as a vulnerability, and therefore commands that all traffic – including emails, websites, videos and documents that originate from either inside or outside an organization – is verified.
The three key principles typical of Zero Trust are:
1. The idea of verification with continuous authentication of all available data points.
2. Companies must incorporate a policy of ‘least privilege’, limiting user access to the applications and areas of a company network that they need to do their job effectively. This not only secures data, but also helps to enhance productivity.
3. An organization must assume that a breach is imminent. In doing so, security becomes a priority in all decision-making and can be continually adapted with the use of other tactics.