3 Tips For Implementing Zero Trust Security
Looking to implement zero trust at your organisation? Don’t start your project without reading these top 3 tips from the cyber security experts at Infosec K2K.
There’s no doubt about it, Zero Trust is by far one of the hottest topics on the Cyber Security scene right now. And for good reason!
First popularized by Forrester Research analyst John Kindervag, the term ‘Zero Trust’ refers to a relatively new approach to cyber security. Rather than assuming that an identity can be trusted based on credentials or location, as with traditional perimeter-based security, zero trust presumes that no connection should be trusted. By trusting no one and nothing, zero trust ensures that only devices and users with the correct authentication and authorization are able to access an organisation’s network.
1. Don’t Trust Admin Accounts
Standing accounts with any considerable level of admin access or power can be incredibly dangerous. Misuse of this elevated access, whether intentional or not, can cause serious damage to your business’ network. What’s more, if a threat actor gains access to one of these privileged accounts, the threat is far, far greater.
A true Zero Trust model involves a “least privilege” approach – i.e. a user is only given the absolute minimum privileges required and every privilege is only granted at the exact time it is needed and for the exact duration it is needed.
2. Don’t Trust Passwords
No matter how secure the user attempts to make their passwords, they are intrinsically insecure. The well-known and often-used practice of IT teams forcing business users to pick complex passwords and change them once a quarter is simply not enough anymore.
Instead, opt for a combination of authentication methods, often known as multi-factor authentication (MFA). Alongside password authentication, these methods could include:
Certificate-based authentication
Biometric authentication
Token-based authentication
Voice authentication
3. Don’t Trust Hybrid Privileged Roles
When making the move to cloud-based systems, many organisations choose to leverage their existing on-premises processes for administration in the cloud, so they simply make on-premises administrative accounts into hybrid accounts.
This approach is incredibly unsafe, as it allows attackers to take advantage of the complex legacy nature of the accounts to attack systems and access data in the cloud. In fact, it has already led to some serious attacks on cloud infrastructure.
Our tip? Keep cloud privileged roles cloud-only!
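Tips 1 and 3 both come down to auditing who holds privileged roles and for how long. The following audit routine is an added example, not Infosec K2K’s tooling: it runs over a constructed list of role assignments (the record format, role names and identity-source labels are assumptions, not any vendor’s export format) and flags standing privileged access, privileged grants that have passed their expiry but were never revoked, and cloud privileged roles held by accounts synced from on-premises.

```python
"""Audit privileged role assignments for zero-trust violations.

Added example with constructed data. The Assignment record layout and the
PRIVILEGED_ROLES set are assumptions for illustration only.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional, Tuple

# Assumed: role names this example treats as privileged.
PRIVILEGED_ROLES = {
    "Global Administrator",
    "Privileged Role Administrator",
    "Exchange Administrator",
}


@dataclass(frozen=True)
class Assignment:
    principal: str
    role: str
    identity_source: str            # "cloud" (cloud-only) or "synced" (hybrid, from on-premises)
    expires_at: Optional[datetime]  # None means a standing, permanent assignment


def audit_assignments(assignments: List[Assignment], now: datetime) -> List[Tuple[str, str, str]]:
    """Return (principal, role, finding) tuples for every privileged assignment that breaks a tip."""
    findings = []
    for a in assignments:
        if a.role not in PRIVILEGED_ROLES:
            continue                                     # non-privileged roles are out of scope
        if a.identity_source == "synced":
            findings.append((a.principal, a.role, "hybrid-privileged"))      # Tip 3: cloud roles must be cloud-only
        if a.expires_at is None:
            findings.append((a.principal, a.role, "standing-privilege"))     # Tip 1: no permanent admin access
        elif a.expires_at <= now:
            findings.append((a.principal, a.role, "expired-not-revoked"))    # Tip 1: grant outlived its window
    return findings


# Constructed sample data: a point in time and four assignments to audit.
NOW = datetime(2024, 1, 15, 12, 0, tzinfo=timezone.utc)
SAMPLE = [
    Assignment("alice@example.com", "Global Administrator", "synced", None),
    Assignment("bob-admin@example.com", "Exchange Administrator", "cloud",
               datetime(2024, 1, 15, 16, 0, tzinfo=timezone.utc)),   # time-bound, still valid
    Assignment("carol@example.com", "Privileged Role Administrator", "cloud",
               datetime(2024, 1, 14, 9, 0, tzinfo=timezone.utc)),    # window ended yesterday
    Assignment("dave@example.com", "Helpdesk Reader", "synced", None),  # not privileged, ignored
]

if __name__ == "__main__":
    for principal, role, finding in audit_assignments(SAMPLE, NOW):
        print(f"{finding:22} {principal:24} {role}")
```

Only bob-admin’s grant passes cleanly: it is cloud-only, time-bound and still within its window, which is exactly the shape of access the three tips describe.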
Are you looking for support implementing or improving your Zero Trust solution? You’re in the right place!
Having carried out multiple Zero Trust projects to date, the team at Infosec K2K are the experts when it comes to building a solution that truly sticks to all the principles of zero trust security, keeping your organisation safe and secure from potential cyber threats.
Get in touch with us to find out more about how we can help you.