Intelligent CISO Issue 44 | Page 29


Editor’s question

Today’s ‘work from anywhere’ culture, largely a result of the pandemic, means the world of work has become highly connected and highly digitised. According to Gartner, the growing adoption of cloud applications combined with a more mobile workforce has made the browser the most important productivity tool in the business. Given the current threat landscape, this presents a real challenge. Where companies are increasingly moving to the cloud and adopting SaaS solutions, they are experiencing attacks outside of the safety of the corporate network. Firms have moved from having an easily defensible, centralised perimeter to going directly to the Internet, bypassing network security and exposing a series of new vulnerabilities.

Unfortunately, many continue to rely on the same approach of ‘detect and prevent’. Blocking an attack and then detecting a breach once it’s occurred is failing this new model and means organisations simply cannot keep up with sophisticated browser-based attacks. Zero Trust is the principle that allows security teams to overcome the ingenuity of even the most malicious attackers. Traditional security models operate on the outdated assumption that everything inside an organisation’s network should be trusted. Under this broken trust model, it is assumed that a user’s identity is not compromised and that all users act responsibly and can be trusted.
But many of the most damaging cyberattacks in recent times, such as the SolarWinds breach, were allowed to happen because of the simple fact that once hackers gained access inside corporate firewalls, they were then able to move laterally through internal systems, access and exfiltrate data, elevate privileges, and importantly, without any real resistance. Zero Trust addresses this, leading the shift away from legacy ‘castle and moat’ solutions and removing many of the issues associated with detection-based security technologies. It takes a default ‘deny’ approach to security that is rooted in the principle of continual verification. It recognises ‘trust’ as a vulnerability, and therefore, commands that all traffic – including emails, websites, videos and documents that originate from either inside or outside an organisation – is verified.

The three key principles typical of Zero Trust are:

1. The idea of verification with continuous authentication of all available data points.
2. Companies must incorporate a policy of ‘least privilege’, limiting user access to the applications and areas of a company network that they need to do their job effectively. This not only secures data, but also helps to enhance productivity.
3. An organisation must assume that a breach is imminent. In doing so, security becomes a priority in all decision-making and can be continually adapted with the use of other tactics.

MIKE EAST, VICE PRESIDENT OF SALES, EMEA, MENLO SECURITY
