Consider the following: You can ensure your data is safe on your endpoints while traveling and that only controlled, managed, and secure connections are allowed onto your organization – but, what if one of your users, devices, or apps is somehow impersonated or hacked? The possible damage to your infrastructure could be irreparable, and you might not see it coming until it is too late. Additionally, once your network is compromised, hackers could run wild with the access they now have. This is where Zero Trust comes into play.
What is Zero Trust?
Zero Trust is a new cybersecurity approach often referred to as “never trust, always verify.” In other words, everyone and everything is potentially malicious until proven otherwise. The advent of mobility sees more sensitive data and PII than ever before that must be protected, and Zero Trust challenges the outdated “once you’re in, you’re in” mentality by requiring verification whenever possible.
No user, device, or app is considered “secured” just because it is known and/or within a predefined secure perimeter, but instead should be constantly verified. The same applies to the data traffic or source of traffic that should be considered free of potential malicious attempts; instead, this needs to be treated with a similar level of suspicion. When considering security, it is always advisable to prepare for the worst and expect the unknown.
How Does It Work?
Let’s look at a simple example. One of your employees is connecting from his mobile device using a messaging application to the corporate mail server, located either on-premises or on the cloud.
Access, authentication, and authorization are successful so the user can access his corporate emails from his device. So far, so good.
What if another connection is made from another device for the same user? Well, one can have multiple devices and, nowadays, we all use several of them. But what if the connection from the first device came from, for example, the NYC area, while the other came in the same timeframe but from LA area? This is certainly suspicious, but the question is – are you currently able to detect and take actions based on that?
In this case, at first look it seems like an attack where someone managed to impersonate the user credentials, but it could also be just an issue on the endpoint, like unrefreshed GPS data (e.g. the device just turned off after sending the wrong, outdated information). In that case, what should happen?
Zero Trust is not about yes or no, allowing or blocking, but constantly checking and verifying that every user, device, or app connecting to a resource is authenticated, legitimate, and free of any suspicion.
Relying on state-of-the-art technologies like Artificial Intelligence (AI) and machine-learning, Zero Trust will perform “behavioral analytics” to detect suspicious behaviors and act in real-time.
Impact to the End-Users?
This does not mean your end-users will constantly be asked to re-enter complex passwords, as this would defeat the whole purpose. Instead, complementary authentication will be required when needed using MFA, for example, prompting for fingerprints and/or face recognition to confirm a new connection or validate from another trusted device by simply clicking. The end-user experience will remain as seamless as possible.
How do I get Zero Trust?
Chances are you already have some level of Zero Trust concepts already deployed in your ecosystem. It could be in your UEM solution, your VPN, or your MTD solution. If there is a desire to incorporate additional Zero Trust elements in your network, we encourage you to reach out to the experts at ISEC7 for a mobile cybersecurity health check. We are more than pleased to assist you in any step along your way!