Trusting No One Can Be Your Best Cybersecurity Move
The simplest yet most relevant piece of advice you can get from current cybersecurity experts is this:
Trust no one.
For a long time, cybersecurity advice has revolved around the idea that there are certain users that we trust enough to let inside our network, and there are those that we don’t—these are the ones that we guard our networks against.
Well, that’s not the case anymore, thanks to what’s dubbed as the modern approach to cybersecurity: the Zero Trust model.
What is Zero Trust?
As cyberthreats evolve to become more and more sophisticated, so should our approach to detecting and mitigating them. This is what Zero Trust is all about.
According to Information Security Analyst Garrett Bekker, Zero Trust is a new way of thinking that does away with the notion of “trusted insiders versus untrusted outsiders.”
Instead, it assumes that all users are hostile and to be untrusted, including network traffic already inside its perimeter.
Like we said, trust no one.
As Akamai Technologies CTO Charlie Gero puts it, “...cut off all access until the network knows who you are. Don’t allow access to IP addresses, machines, etc. until you know who that user is and whether they’re authorized.”
Why is Zero Trust important ?
There are many reasons why Zero Trust is a necessary next step your practice needs to take, but let’s just talk about two:
# 1 - Because threats can come from inside your organization, too
Insider threats are security risks that originate within the targeted organization. They come in the form of network users who, maliciously or not, use their legitimate access to corporate resources to harm the business.
According to a 2020 study by Ponemon Institute, the number of insider-caused cybersecurity incidents increased by 47% in the span of just two years—from 3,200 in 2018 to 4,716 in 2020.
Insider attacks are particularly difficult to prevent, mitigate, and contain using traditional security approaches, where an implicit trust is placed on whatever is onsite or within the network.
With Zero Trust, however, every user and every device is treated as a threat. So even if a user within the network requests access to corporate assets, it will not gain access until it gets past several stringent security protocols already in place.
# 2- Because your organization is growing
That means an increase in the number of endpoints within your network. You’re also likely expanding your IT infrastructure to adapt to cloud-based applications and servers, especially now that remote work has somehow become part of the new normal.
Your organization's growth is great news! But it also translates to the need to put a lot of effort in keeping your perimeters secure. Remember, the more endpoints you have, the wider the playing field is for cyber attackers.
With Zero Trust, your network is given the added layer of security that’s critical in a growing, modernizing practice such as yours. It averts cyber attacks and limits attackers’ access in case a breach does happen.
How can I implement Zero Trust in my practice?
Zero Trust can be put to motion in several ways. You can start with these three common Zero Trust protocols that you can implement in your practice:
Multi-factor Authentication (MFA): Stop hackers in their tracks
Multi-factor authentication is a security method in which a user is required to present two or more of the following factors to an authentication mechanism before they are given access to a network, device, or program.
When it comes to Zero Trust, access to resources is based on who a user is and if the system trusts them.
Implementing MFA is a good way to start a Zero Trust approach because it helps ensure that your users are exactly who they say they are.
If one of your office staff’s email account password is compromised, having MFA in place means that the hacker still needs to provide other factors—which could be a smartphone, a fingerprint, an ID badge, etc.—to successfully infiltrate the email account.
MFA can also be applied within the network as additional layers of security for applications and databases. If you’re looking to safeguard your practice using proven MFA technology, ER Tech Pros is an authorized reseller of top MFA products
Microsegmentation: Fortify your network defenses from the inside out
Microsegmentation is a security technique that involves grouping different working parts of a network into their most basic elements. It isolates the issues into workloads that are easily manageable, individually secured, and much more difficult to hack.
With Zero Trust, you won’t be focusing on just keeping the threats from breaching your network.
Microsegmentation ensures that you’ll also have defensive structures operating inside your infrastructure.
So even if a malicious user does get past your outer defense, a microsegmented infrastructure limits their ability to reach sensitive data, provides the opportunity to contain the breach, and minimizes damage.
Contact a trusted IT expert to know how microsegmentation can be implemented in your practice.
Permissioning: Limit what users can and cannot access
Permissioning is the authorization given to users that determine what particular resources they can access in a network and what type of access they have.
In the Zero Trust approach, users’ access rights are limited to the bare minimum needed for them to perform their work.
The concept that supports this protocol is the principle of least privilege. The idea is to grant user accounts minimum security access so that access to sensitive information is restricted to authorized users only. This practice is very useful in limiting the extent of a network breach.
For example, if your clinic receptionist’s user account is compromised, properly setting permissions means the hacker won’t have direct access to valuable patient records because your receptionist won’t have access to them in the first place!
Permissioning means you limit access to such sensitive information to only a few people in the practice.
It’s likely that your clinic or office is already implementing permissioning to some degree. However, these permissions can get changed (accidentally or intentionally) over time.
To ensure that your practice is protected, have certified cybersecurity experts assess your network.
Get Started with a Zero Trust Security Model
The Zero Trust approach sounds simple, but it’s far from easy. For some organizations, it’s a multi-year process. But don’t let that discourage you. Implementing a single Zero Trust protocol can give your practice layers of protection against threats and vulnerabilities.
Whether your IT environment is cloud hosted or on premise, you can start steady with multi-factor authentication, microsegmentation, and permissioning.
Keep up with the latest cybersecurity innovations.
Search Articles
Healthcare & Tech Articles
ER Tech Pros is a managed service provider (MSP) that specializes in catering to the IT needs of businesses across the globe. We have offices in Sacramento and the Greater Fresno area.
We use our cutting-edge technology, extensive experience, and global team of technology experts to ensure your IT network is in its most secure and optimal state.
We focus on your IT so you can focus on growing your company.
8795 Folsom Blvd, Ste 205
Sacramento, CA 95826
1501 Howard Rd, Ste 2
Madera, CA 93637
(855) ER-TECH-1 / (855) 378-3241
info@ertech.io
Resources
Search this Site
Get Updates
Enter your email address below to receive tech tips and resources from ER Tech Pros.
Connect With Us