Thursday, March 4, 2021
Corporate Compliance Insights

Zero Trust: 3 Business Benefits and Beyond

Making Sense of the “Never Trust, Always Verify” Cybersecurity Model

by Michelle Drolet
July 29, 2020
in Cybersecurity, Featured

“Never trust, always verify” isn’t a new concept in cybersecurity, but it’s gaining new credence among organizations as they attempt to mitigate growing cyber risk. Towerwall CEO Michelle Drolet explains why.

The COVID-19 pandemic has caused a dramatic shift in both our personal and professional lives.

As the business environment undergoes rapid transformation, organizations are witnessing an increased demand for cloud adoption, digital transformation and new remote work models. This shift in the business landscape is also accelerating the need for an improved cybersecurity posture.

Businesses Need a Better Cybersecurity Model

In pre-pandemic times, the perimeter approach made sense, as most of the corporate assets and employees were behind a firewall. Post-COVID-19, this model has completely been upended, as a majority of white-collar jobs are being done from home, data is no longer confined to the data center and workloads are rapidly moving to the cloud. A recent IBM study has revealed that more than half of employees are using personal devices and computers to access business resources, while 61 percent of employees indicate a lack of security tools to secure those devices. Cybercriminal activity surrounding the pandemic is also at an all-time high, and this activity is not likely to slow down anytime soon.

Zero Trust: Trend or Fad?

Zero trust is the latest buzzword in the field of cybersecurity, and research indicates that more than 70 percent of global organizations are planning to implement zero trust in 2020.

The concept of zero trust, however, has been around a long time, and it’s probably just another name for what used to be called least privilege access. To make the concept even simpler, it basically means that, as a matter of the best cybersecurity hygiene, we mustn’t extend any more trust or access to anyone than we absolutely have to. In other words, never trust, always verify. In a zero-trust world, everything and everybody is hostile, no matter where you’re coming from or what asset you’re trying to access. There’s no implicit trust granted to you because you’re behind the firewall – simply because the firewalls themselves are treated as potentially hostile.

The Business Benefits of a Zero-Trust Architecture

One of the obvious business benefits of zero trust is that it makes things more secure than they are today. Especially when you consider a perimeter-less network, zero trust provides better control, shorter breach detection times and greater insight into network activity. Other business benefits of adopting a zero-trust strategy include:

  • It dramatically simplifies overhead/complexity. Once you have zero-trust policies in place, there’s a lot less for IT teams to administer. Users can only access resources they are permitted to, and applications can only communicate with specific devices, which helps control lateral movement.
  • It supports a remote workforce. Workers are able to access the applications they need to be successful in their jobs. IT staff have improved efficiency and an improved ability to address network errors. IT teams can curtail unnecessary spending on resources and allocate spare budgets to other critical areas. The architecture also helps boost network performance due to reduced traffic on subnets.
  • It is easier for the user. Zero trust provides a more simplified logging process due to granularity. Everything happens in the background, and the user doesn’t have to sign in to multiple applications; users simply use the existing Active Directory to sign in and access their resources, which is much simpler.

Tackling the First Mile of Zero Trust

Almost every cybersecurity vendor out there claims to support zero trust – from zero-trust endpoint protection to zero-trust mobile device management to zero-trust remote access.

There’s a lot of confusion surrounding zero trust, which is why 50 percent of cybersecurity professionals cite a lack of confidence in applying the model. To achieve a true zero-trust architecture, it’s important we lay the right foundation.

Here are some recommendations for cybersecurity teams:

Start with Network Access

One of the most important steps in a zero-trust strategy is to make sure nothing actually touches your network. Networks typically have multiple public resources: VPN gateways, intrusion detection systems, intrusion prevention systems, applications on AWS and Azure and cloud storage all are internet-facing public resources. Even if they’re very well-configured, if they’re vulnerable, your organization is vulnerable.

Instead of giving access first and authenticating later, start by authenticating first and giving access later. Use a software-defined perimeter (SDP) to establish trust before any access to resources is granted – even basic network connectivity.

Employ IAM

Some experts also compare zero-trust solutions with identity and access management (IAM) solutions. However, if you can reach the IAM application, if you can access it from a networking standpoint, you can try to attack it. Zero trust must start from network access, and IAM is very much incomplete if you do not apply zero-trust authentication.

Use Multi-Factor Authentication

Coupled with controls over network access, multi-factor authentication (MFA) or IAM solutions create an additional layer of security by requiring more than one piece of evidence to authenticate a user. In addition to controls on user access, zero trust mandates controls on device access. It is important for cybersecurity teams to monitor not only who is accessing what, but also which devices are trying to access the network and ensure that every device is authorized.

Create Microsegments to Control Lateral Movements

Using microsegmentation controls, cybersecurity teams can isolate the network into extremely granular segments. This allows specific communications to occur while blocking all others. Once resources are segmented, access to these resources can be restricted by specifying the users who can access the application. All other users, including cybercriminals, are blocked from using applications they are not authorized to use.
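
The recommendations above (authenticate before granting access, require a second factor, authorize the device, and allow only listed flows between segments) can be combined into one default-deny decision function. This is an added example, not part of the original article; every user, device, segment and port below is constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    user: str
    authenticated: bool   # primary credential already verified
    mfa_passed: bool      # second factor already verified
    device_id: str
    src_segment: str
    dst_segment: str
    port: int

# Constructed sample policy (hypothetical names).
AUTHORIZED_DEVICES = {"laptop-0017", "laptop-0042"}

# Microsegment allow-list: (source, destination, port) -> users permitted.
# Any flow that is not listed here is blocked.
SEGMENT_RULES = {
    ("workstations", "hr-app", 443): {"alice"},
    ("workstations", "wiki", 443): {"alice", "bob"},
    ("hr-app", "hr-db", 5432): {"svc-hr"},
}

def decide(req: Request) -> tuple[bool, str]:
    """Return (allowed, reason). Identity and device are checked before
    any segment rule is consulted, so nothing is reachable pre-authentication."""
    if not req.authenticated:
        return False, "identity not verified"
    if not req.mfa_passed:
        return False, "second factor missing"
    if req.device_id not in AUTHORIZED_DEVICES:
        return False, "device not authorized"
    allowed_users = SEGMENT_RULES.get((req.src_segment, req.dst_segment, req.port))
    if allowed_users is None:
        return False, "no rule for this flow"      # default deny
    if req.user not in allowed_users:
        return False, "user not permitted on this segment"
    return True, "allowed"

if __name__ == "__main__":
    samples = [
        Request("alice", True, True, "laptop-0017", "workstations", "hr-app", 443),
        Request("bob", True, True, "laptop-0042", "workstations", "hr-app", 443),
        Request("bob", True, True, "laptop-0042", "workstations", "hr-db", 5432),
        Request("alice", True, False, "laptop-0017", "workstations", "wiki", 443),
        Request("alice", True, True, "home-pc-01", "workstations", "wiki", 443),
    ]
    for r in samples:
        print(r.user, r.device_id, f"{r.src_segment}->{r.dst_segment}:{r.port}", decide(r))
```

The third sample shows the lateral-movement case: a fully authenticated user on an authorized device is still blocked from reaching the database segment directly, because no rule lists that flow.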

Finally, zero trust is not a destination, but a journey. As workspaces evolve owing to the pandemic and beyond, companies must continue to evolve their cybersecurity posture. It is time organizations make zero trust a core philosophy of their information security strategy.


Michelle Drolet

Michelle Drolet is CEO of Towerwall, a highly focused, specialized cybersecurity, cloud and virtual CISO services firm with clients such as Foundation Medicine, Boston College and Middlesex Savings Bank.

© 2019 Corporate Compliance Insights
