Just a rhetorical question. Which of you would want to go for brain surgery in a hospital where there are no written procedures and anyone can walk in and out of the operating room (OR) and even try their hand at surgery to see if it suits them?
Right.
When it comes to our digital assets and digital lives, we seem content with a different approach. We throw our data up for grabs and are somewhat happy to hand Eastern reverse engineers the work of years without a fight.
Time to stop burying our heads in the sand. Even a pillar of NIS2, namely ‘Zero Trust’, has gone through an evolution and improved along the way. Let us take a look at what you, as a manager, would do best to pay attention to over the next 12 months.
Zero Trust?
Zero Trust advocates for a security approach where trust is never assumed, regardless of whether access requests come from inside or outside the organization’s network.
The emergence of Zero Trust in NIS2 is a response to the evolving cybersecurity landscape, where it has become increasingly clear that insider threats, as well as sophisticated external attacks, could bypass perimeter-based security measures. With the blurring of the traditional network edge due to cloud computing, mobile devices, and remote work, the old model of a secure internal network versus an untrusted external one became outdated.
Zero Trust instead assumes that threats could be anywhere, and therefore, every access request needs to be authenticated, authorized, and encrypted, regardless of its origin.
John Kindervag’s development of the Zero Trust model was a pivotal moment in cybersecurity, marking a shift towards more dynamic and granular security practices that are more suited to the modern digital landscape of your company.
The model has since been adopted and expanded upon by various organizations and security professionals around the world, becoming a foundational principle in the design and implementation of security architectures.
The Zero Trust model in cybersecurity is built on a framework that challenges traditional network security concepts, moving away from the “trust but verify” approach to a more stringent “never trust, always verify” stance.
This approach is crucial in today’s environment, where threats can originate from anywhere, and the traditional network perimeter is no longer defined.
What are, according to ChatGPT, the pillars of Zero Trust as needed in the IT governance of your company?
- Verify Explicitly: Every access request, regardless of where it comes from (inside or outside the organization’s network), must be verified for security compliance. This involves authenticating and authorizing every user and device based on all available data points, such as identity, location, device health, service or workload, data classification, and anomalies.
- Least Privilege Access: This principle limits user access with just-in-time and just-enough-access (JIT/JEA), risk-based adaptive policies, and data protection to prevent excessive or unnecessary access to sensitive resources. It ensures that individuals and systems have access only to the resources necessary for their specific roles and nothing more.
- Assume Breach: Operating under the assumption that threats exist both outside and inside the network, this pillar focuses on minimizing the impact of a breach. It emphasizes the need for strategies that protect against lateral movement within the network, enhancing the detection and response to threats already inside.
- Microsegmentation: This involves dividing security perimeters into small zones to maintain separate access for separate parts of the network. If a breach occurs, microsegmentation limits the attacker’s ability to move laterally across the network.
- Multi-factor Authentication (MFA): MFA is critical in a Zero Trust framework, requiring more than one piece of evidence to authenticate a user; this could be something the user knows (a password), something the user has (a secure device), or something the user is (biometric verification).
- Encryption: End-to-end encryption ensures that data is protected both at rest and in transit. This minimizes the risks associated with data breaches and interceptions.
- Continuous Monitoring and Response: Network and system activity is monitored continuously to detect and respond to anomalies in real time. This involves logging and analyzing all traffic, employing advanced threat intelligence, and using automated response solutions to mitigate threats swiftly.
- Security Policies and Governance: Comprehensive and adaptive policies that govern how security controls are implemented and enforced. This includes the use of AI and machine learning for real-time policy decisions, based on the analysis of user behavior, device posture, network location, and other context signals.
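As an added example (not from the original post), here is how the “Verify Explicitly”, “Least Privilege Access” and context-driven policy pillars above translate into an actual access decision: every request is judged on identity, role entitlement, device health, data classification and an anomaly signal, and being on the corporate network buys nothing on its own. The roles, resources and thresholds are assumed sample data.

```python
from dataclasses import dataclass
from typing import Tuple

@dataclass
class AccessRequest:
    """Constructed signal set: the context a Zero Trust policy engine sees per request."""
    user: str
    authenticated: bool
    mfa_passed: bool
    device_compliant: bool      # device health / posture check result
    on_corporate_network: bool  # location; deliberately NOT consulted as a trust signal
    role: str
    resource: str
    classification: str         # "public", "internal" or "confidential"
    anomaly_score: float        # 0.0 (normal) .. 1.0 (highly anomalous)

# Least-privilege entitlements (assumed sample data): what each role may reach, nothing more.
ROLE_ENTITLEMENTS = {
    "finance": {"ledger", "payroll"},
    "engineer": {"repo", "ci"},
    "guest": {"wiki"},
}

ANOMALY_STEP_UP_THRESHOLD = 0.8  # assumed threshold for forcing re-verification

def evaluate(req: AccessRequest) -> Tuple[str, str]:
    """Return (decision, reason). Decisions: allow, step-up (re-verify) or deny.

    Every check applies regardless of network location: "never trust, always verify".
    """
    if not req.authenticated:
        return "deny", "identity not verified"
    if req.resource not in ROLE_ENTITLEMENTS.get(req.role, set()):
        return "deny", "outside least-privilege entitlement for role"
    if not req.device_compliant:
        return "deny", "device health check failed"
    if req.classification == "confidential" and not req.mfa_passed:
        return "step-up", "MFA required for confidential data"
    if req.anomaly_score >= ANOMALY_STEP_UP_THRESHOLD:
        return "step-up", "anomalous behaviour, re-verification required"
    return "allow", "all signals verified"

if __name__ == "__main__":
    # Inside the network, unhealthy device: still denied, the perimeter grants no trust.
    inside = AccessRequest("alice", True, True, False, True, "finance", "ledger", "internal", 0.1)
    print(evaluate(inside))
    # Outside the network, healthy device, MFA done, entitled role: allowed.
    outside = AccessRequest("alice", True, True, True, False, "finance", "payroll", "confidential", 0.1)
    print(evaluate(outside))
```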
These pillars represent a strategic and holistic approach to cybersecurity, ensuring robust protection against a wide array of digital threats. By implementing Zero Trust principles, your organization can significantly enhance its security posture in a constantly evolving threat landscape.
Just as a surgeon must constantly hone his skills and knowledge, you should expect the same from your IT supplier and IT governance team.
Here are some questions to figure out whether your company has adopted the Zero Trust mindset:
- Are your endpoints monitored with XDR? Yes/no
- Did you tailor the OS of your endpoints so that only approved features and apps are available? Yes/no
- Do you use a dedicated backup admin and also a separate, dedicated restore admin? Yes/no
- Are your business-critical processes tested yearly for redundancy? Yes/no
- Do you have a 100% up-to-date IT asset inventory (hardware, software and cloud)? Yes/no
- Do you have a change management procedure? Yes/no
- Do you have a yearly audit on data leak prevention? Yes/no
- Do you have a digital minefield with alerting and 24/7 monitoring? Yes/no
If you answer no to even one question, your company has not yet adopted the Zero Trust mindset. TEST failed!
Let's start the revolution today – Danny Zeegers