zero trust Archives - Cyber Secure Forum | Forum Events Ltd
Posts Tagged :

zero trust

Questions raised as to whether US government agencies can implement zero trust policies in short-term

 960 640 Stuart O'Brien
By:
0
0

75% of U.S. federal agencies will fail to implement zero trust security policies by 2026 due to funding and expertise shortfalls.

That’s according to Gartner, which defines zero trust as a security paradigm that starts from the baseline of trusting no end user, and explicitly identifies users and grants them the precise level of access necessary to accomplish their task.

Zero trust is not a specific technology, product or service. Instead, it is a set of security design principles that contrasts with the traditional perimeter-based security approach.

“With the September 2024 deadline for specific zero trust requirements for U.S. federal agenciesbeing established, requirements are broad for all agencies,” said Mike Brown, Vice President Analyst at Gartner. “However, consistent with other compliance deadlines, agencies will struggle to meet these goals. Given the typical delays for Congressional passage of the federal budget, funds will likely not be available for the zero trust initiative until the second quarter of fiscal 2024, allowing only a partial year to achieve goals.”

Although zero trust achievements, or lack thereof, may be captured in audits, public reporting on specific details of zero trust progress may be limited or obfuscated. This is to avoid identifying weaker aspects of government cybersecurity for the benefit of malicious actors.

“One of the main impediments for government agencies in their zero trust journey is a cybersecurity skills shortage,” said Brown.” Government agencies are challenged to compete with the private sector for staff with necessary skills. To address these talent shortages, agencies should be working simultaneously with service contracts, to reskill existing staff and to recruit new staff.”

Failure to meet policy deadlines will continue to leave federal agencies exposed to risks that could be mitigated.

“This could lead to the interruption of vital government services or the compromise of sensitive information, both of which would have a significant fiscal impact on resolving what could be prevented,” said Brown. “Security breaches will occur as even the best cybersecurityimplementations are not immune. Still, those agencies and their CIOs who fail to fully and promptly adopt zero trust measures will be subject to the most negative scrutiny. A breach often catalyzes the focus and investment in mitigation, which is a predictable need.”

Learn how to implement zero trust security in the public sector in the complimentary Gartner Zero Trust Toolkit.

Photo by Jonathan Simcoe on Unsplash

The importance of Zero Trust Architecture

 960 640 Guest Post
By:
0
0

By Cathal Judge (pictured), Founder and CEO of CISO Assurance Global

Zero Trust security architecture adoption is on the rise, and with good reason. The Network and Information Security (NIS2) Directive requires the adoption of best-practice security architecture, to ensure state of the art security of European networks and information systems.

Likewise, the GDPR requires state of the art security to be enforced for all organisations that process personal data.

Zero trust security architecture is the concept of securing the network from within, by applying layered security policies and controls. Access is monitored and restricted on an individual basis and continuous authentication takes place.

This enables organisations to verify user credentials and policy compliance at strategic points of the infrastructure, reducing the risk of malicious hackers gaining access.

It also paves the way for the adoption of AI, to create  self-securing networks in the near future.

Through the implementation of a zero trust architecture, organizations are also able to better manage their security resources. Such proactive security policies lead to the detection of suspicious activities or weaknesses early, before they can be exploited to cause harm.

Once threats are detected, organizations can respond quickly and efficiently to prevent major security breaches. Under the new NIS Directive, European organizations must ensure that adequate security policies are enforced. Such policies must protect the integrity, confidentiality and availability of their data and systems.

CISO Assurance Global provides managed consulting services around Zero-Trust architecture and NIS2 compliance.

Get in touch today at www.cisoag.com or info@cisoag.com.

eBOOK: How to get started with Zero Trust Network Access (ZTNA)

 960 640 Stuart O'Brien
By:
0
0

By Censornet

Zero Trust is a paradigm that is becoming a guiding philosophy for the cybersecurity industry. But the technology that will turn the thinking into a reality is Zero Trust Network Access (ZTNA).

By 2023, 60% of enterprises will have phased out VPNs (virtual private networks) and replaced them with ZTNA, Gartner has predicted.

Even if an organisation has not yet considered moving to a Zero Trust model and implementing ZTNA, it should be laying the groundwork to ensure the changes happen as smoothly as possible. Censornet can help you on this journey, which we’ll start by explaining a little more about Zero Trust and ZTNA.

Goodbye VPN, hello ZTNA

Zero Trust and ZTNA turn the familiar mantra of ‘connect then authenticate’ on its head. Instead, Zero Trust demands a security approach where users must ‘authenticate, then connect’ and reminds security teams to ‘never trust, always verify’. In short, context – including identity – is everything.

ZTNA isolates systems from potential trespassers and hides applications from the internet. This makes applications more resilient to many forms of network-based attack including scans, vulnerability exploits, DoS and DDoS attacks.

Before letting anyone into a network, they should first be identified.  Risk should be assessed at that point, based on context, but also continually throughout the session. It is no longer enough for a user to simply fire up a VPN and connect. Identity, along with other contexts such as time and day must be considered, as well as other data points such as device, location, and even geo-velocity.

First steps to Zero Trust

For many organisations adopting a Zero Trust model, using ZTNA, is the first stage on the road to the next great paradigm: Secure Access Service Edge (SASE). Censornet’s guide will help you understand Zero Trust, discover how it can benefit your organisation, and assist you with taking those crucial first steps towards the future of your own cloud security.

Download your free copy now!

Zero Trust: The practical way to look at cybersecurity

 960 640 Guest Post
By:
0
7

By LogRhythm

Zero Trust is quickly becoming the security model of choice for enterprises and governments alike. The need to protect, defend and respond to threats is more apparent than ever as we continue to work from remote locations.

Where to start

Zero Trust is more than implementing a new software, it is a change in architecture and in corporate culture. The pandemic has increased interest in this working practice, with a recent survey finding 40 per cent of organisations around the world working on Zero Trust projects.

The first aspect of any project is identifying key data and where it sits in your organisation, and then documenting who needs access to it. This will allow you to begin dividing up your network keeping users and their data in appropriate areas.

The main challenges

The key principle to a Zero Trust model is rock-solid identity management. All users, devices and applications must all be correctly identified to ensure everyone is granted the right level of access.

The data identification process described above is one of the main challenges, understanding where your data is stored and who should have access to it can be tricky with legacy applications and weak identity management.

Then there is the question of culture, will employees be resistant to the change? Managing the amount of friction caused by the process is key to success.

The benefits

Some sort of security compromise is inevitable, Zero Trust mitigates the damage by restricting the intruder to one small part of your network.

It will allow simpler provisioning and deprovisioning of staff as they join or leave, with corresponding cost benefits as IT teams spend less time onboarding and offboarding staff.

It can provide a solution to the registration of trusted devices onto your network and cut spending on managing active directory.

Moving the ‘perimeter’ to the user and their device provides a way to extend the security we take for granted in the office to staff, wherever they might be working.

Learn more about a Zero Trust implementation in the latest Forrester Report.