Zero trust security

Trust no one. At least, not when it comes to network security; not your staff, your customers nor suppliers.

This is zero trust security, an IT model that imposes strict identity verification that significantly reduces security breaches. A Forrester study highlighted that organisations which implemented such a system quickly saw a 50% reduction in security breach incidents.

It is, as the name implies, a process that removes all elements of trust and assumption from the system. The default position is to assume everyone is either lax when it comes to ensuring security, or are, frankly, up to no good. It’s a known ploy by hackers to masquerade as a legitimate user to gain high level access to a network. So, strange as it seems, with this approach, when it comes to network security even the head of IT security receives zero trust! Their credentials could have been compromised.

“Networks are so complicated, with so many different ways to access them, that this approach takes the view that access and privileges are only granted once trust has been established,” said Dominic Ryles, Business Development Manager IT Enterprise Commercial. Crucially, it also requires that authentication to be constantly reviewed and renewed.

A zero trust protocol requires all users to be verified, all devices to be validated, all access to be temporary and all process to be subject to policing via machine learning and AI. This not only automates basic network management functions but monitors user traits. If there is activity outside of a user’s normal habits that is instantly flagged and additional authentication is required in order to gain access. For example, if a systems admin logs on between 9am and 6pm for 99% of the time, any attempts outside of those hours will be flagged and extra, high levels of authentication will be sought. Additional authentication, that is, to the already heavy zero trust approach such as one-time passwords.

Security is everyone’s concern, so it’s imperative that businesses ensure they have a robust system and a fully-informed and compliant user base. This is where Exertis Hammer can help. With our depth of knowledge, vendor base and experience in providing security solutions, we can help ensure end users achieve the levels of network security required in these days of remote working. Speak to our account teams today.

Source: Hammer
Published Date: 15/11/2019

Back to News