In the United States, government has recommended the zero-trust cybersecurity model as a way to ensure baseline security practices and mitigate risks associated with cloud-based infrastructure. Every organisation should actively move towards this model.
The core principle of the zero-trust model is that nothing inside or outside the security perimeter is trusted. Organisations must verify everything attempting to establish access. The American government recommends the following five principles to create a real zero-trust model:
Actively manage employee access privileges to protect them from phishing and spear phishing scams.
Consistently monitor and track the devices that employees use to do their jobs, taking into account the security posture of those devices when granting access to internal resources.
Isolate agency systems from each other and encrypt network traffic flowing between and within them.
Test enterprise applications internally and externally to make them available securely to staff over the internet.
Collaborate with data security teams to develop data categories and security policies to automatically detect and block unauthorized and policy-violating access to sensitive information.
Maintaining an unwavering emphasis on stronger enterprise identity and privileged access controls, including enterprise-wide multi-factor authentication, is the backbone of a zero-trust model. Implementing secure, enterprise-managed identity systems is the most effective way to prevent cybercriminals from executing account takeover attacks and gaining access to an enterprise’s back-end to steal data or launch other attacks.
Enterprises cannot assume that any network is trusted, and they must compel users to log into applications instead of networks. Implementing robust internal testing programs and inviting external partners to evaluate their security and risk posture is also recommended.
The Cybersecurity and Infrastructure Security Agency (CISA) leads the national effort to understand, manage, and reduce cyber and physical infrastructure risk for the US Federal government. CISA’s zero-trust model describes five complementary areas of effort (pillars) that must be achieved to create a zero-trust model:
Identity, Devices, Networks, Applications and Workloads, and Data.
To achieve a zero-trust model, enterprises must employ risk-based access by taking a holistic view of users and gaining a deep understanding of their responsibilities and authorities, and implement strong enterprise-wide authentication practices. They must also maintain a complete inventory of every device authorised for business use and encrypt all DNS requests and HTTP traffic within their environment. Departments must treat all applications as internet-connected, subject them to rigorous empirical testing, and focus on tagging and managing access to sensitive documents. Enterprises should leverage cloud security services and implement solutions that enable enterprise-wide data visibility, logging, and information sharing.
Transitioning to a zero-trust model requires a foundation to automate security access rules and regulate access based on the sensitivity of the data being requested. The more principles an organisation can achieve, the closer it will be to a real zero-trust model.
Ready to adopt zero-trust in your organisation? DataGroupIT is Africa’s leading Value-Added Distributor (VAD). By partnering with the best selection of established and emerging technology vendors across the globe, we, provide complex solutions for any size business, including Enterprise and SME markets across the African continent.
Our product portfolio offers comprehensive solutions for IT Security, Infrastructure and Enterprise Software.
We are fully committed to our business partners. Channels & vendors success is our #1 mission. Our professional teams across Africa deliver exceptional sales, presale, logistic, marketing and financial support that create the ultimate platform to accelerate our business partners’ success.
Speak to us today to find out more about this solution and more.