Zero Trust architectures: a question of trust
A Zero Trust architecture is considered the state of the art for protecting corporate networks from unauthorized access. Implementing a Zero Trust architecture requires appropriate security software, but with UEM you don’t have to start from scratch.
Short & sweet
- Detecting cyberattacks can take a very long time without appropriate internal controls.
- Zero Trust is not a single solution, but a concept consisting of five core elements that build on each other.
- UEM helps you implement and manage Zero Trust protection and act quickly in the event of a serious incident.
Our entire coexistence is based on trust. Without this basic trust, there would be no civil society and no global economy. Since ancient times, waving or shaking hands to greet each other signaled trust with the implied message, “I don’t have a weapon in my hand, so I’m not a threat and you can trust me!” Our ancestors relied on trust in interactions such as bartering, e.g., “If I give my counterpart the five sheepskins he asked for, I will receive the amber necklace in return.”
Trust has limits
The keyword there is “sheepskin”. Unfortunately, some people turn out to be wolves in sheep's clothing. While trust is good, control is better, especially in today’s digital world where we don’t meet or shake hands with our counterparts in person.
Healthy mistrust manifests itself in corporate networks in the form of firewalls, VPNs and access controls. But once you’re in, you're in. Once past the digital reception desk, a disguised wolf can go about its malevolent business undisturbed as long as it stays inconspicuous.
According to the M-Trends report from Google’s cybersecurity subsidiary Mandiant, intruders in corporate networks remain undetected for a median of 10 days. Mandiant also reports that only 43% of intrusions are detected within the first week. That gives attackers plenty of time to steal data, install malware or launch ransomware attacks, and a perimeter control that only checks who comes in the door sees none of it.
Continuous monitoring instead of just access control
This is why Zero Trust takes control a step further. Being allowed onto the network does not mean you are authorized to access everything on it: every request is checked against the identity making it, the device it comes from and the sensitivity of what it asks for, not just the network location it arrives from.
Security software continuously monitors the behavior of users and end devices and sounds the alarm in the event of any anomalies or suspicious activity. Zero Trust also applies to mobile devices accessing the company network.
Security providers today use machine learning and other AI technologies to flag network activity that deviates from the norm. These tools observe activity over time to build a model of what is usual for each user and device, then compare current activity against that baseline. Note what such a baseline does and does not establish: it flags deviations, but whether an activity is actually permitted remains a policy decision that must be made elsewhere in the architecture.
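As an added illustration of the “model of what’s usual” idea (this is example code written for this page, not part of the original post and not code from any vendor product), the block below builds a per-user baseline from constructed login events with plain statistics rather than machine learning: usual working hours, countries seen, and the mean and standard deviation of download volume. New events are then scored against that baseline. The users, countries, byte counts and the 3-sigma threshold are all assumptions chosen for the example.

```python
"""Added example: a per-user behavioural baseline compared against new activity.
Not from the original post or any product; all events below are constructed."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed baseline events: (user, hour_of_day, country, bytes_downloaded)
BASELINE = [
    ("alice", 9, "DE", 120_000), ("alice", 10, "DE", 95_000),
    ("alice", 11, "DE", 130_000), ("alice", 14, "DE", 110_000),
    ("alice", 16, "DE", 100_000), ("alice", 9, "DE", 115_000),
    ("bob", 8, "DE", 20_000), ("bob", 12, "AT", 25_000),
    ("bob", 17, "DE", 18_000), ("bob", 13, "AT", 22_000),
]


def build_baseline(events):
    """Model 'what's usual' per user: hour window, countries, download volume."""
    per_user = defaultdict(lambda: {"hours": set(), "countries": set(), "bytes": []})
    for user, hour, country, nbytes in events:
        p = per_user[user]
        p["hours"].add(hour)
        p["countries"].add(country)
        p["bytes"].append(nbytes)
    model = {}
    for user, p in per_user.items():
        model[user] = {
            # one hour of tolerance on either side of the observed window
            "hours": (min(p["hours"]) - 1, max(p["hours"]) + 1),
            "countries": set(p["countries"]),
            "mean": mean(p["bytes"]),
            "std": pstdev(p["bytes"]),
        }
    return model


def score_event(model, event, z_limit=3.0):
    """Return the list of deviations for one event; an empty list means 'normal'."""
    user, hour, country, nbytes = event
    if user not in model:
        # A user without history cannot be compared; treat as a finding, not as normal.
        return ["unknown user: no baseline"]
    m = model[user]
    findings = []
    lo, hi = m["hours"]
    if not lo <= hour <= hi:
        findings.append(f"hour {hour} outside usual window {lo}-{hi}")
    if country not in m["countries"]:
        findings.append(f"login from unseen country {country}")
    std = m["std"] or 1.0  # guard against zero variance in tiny baselines
    z = (nbytes - m["mean"]) / std
    if z > z_limit:
        findings.append(f"download of {nbytes} bytes is {z:.1f} sigma above usual")
    return findings


if __name__ == "__main__":
    model = build_baseline(BASELINE)
    # Constructed "current" events: one normal, one that should trip every check.
    for ev in [("alice", 10, "DE", 100_000), ("alice", 3, "RU", 5_000_000)]:
        print(ev, "->", score_event(model, ev) or "normal")
```

The point of the example is the shape of the comparison, not the thresholds: a real deployment tunes the window, the set of attributes and the sigma limit per environment, and every finding still goes to a human or a policy engine to decide whether the activity was permitted.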
At first glance, AI-based continuous monitoring might seem like a magic solution that a company can simply buy to prevent attacks. However, Zero Trust is not a single solution, and ongoing monitoring is just one of five core components. This is why experts speak of a “Zero Trust architecture”, not a “Zero Trust solution”.
The five pillars of the Zero Trust architecture
- Identities: Active Directory provides the basis for identity management and strict access controls in Windows-based infrastructure. The state of the art is to extend username-password protection with multi-factor authentication (MFA), for example using hardware tokens such as FIDO2 security keys or authenticator apps such as Google Authenticator. Hardware-backed methods resist phishing; app-generated one-time codes can still be phished, so the sensitivity of the resource should determine which factor is required.
- Devices: End devices must be hardened and kept fully patched. If out-of-date or unpatched software, suspicious behavior or malware is detected, the IT team must be able to isolate affected devices quickly.
- Network: The network must be protected and appropriately segmented. The aim is to limit the scope of an attack as much as possible: a compromised device in one segment should not be able to reach applications in another.
- Applications: Access to local and cloud-based applications and resources is granted only after checking the identity of the user and the status and other attributes of the device making the request. The principle is that all users and devices receive only the access they need.
- Data: Data is the focus of all Zero Trust components. Companies must first gain an overview and detailed inventory of all data in order to establish meaningful control mechanisms based on data sensitivity, regulatory requirements and other factors.
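To make the five pillars concrete, here is an added example of a minimal policy decision point that evaluates one access request against all of them (example code written for this page, not code from baramundi or the bMS). Identity strength, device posture, source network segment, the application’s data classification and the role it requires each get a veto, and every check must pass. The field names, MFA labels, patch-age limits, segment names and sample records are constructed assumptions for illustration, not a real product’s policy schema.

```python
"""Added example: a Zero Trust policy decision across identity, device, network,
application and data. Not vendor code; all names and thresholds are assumed."""
from dataclasses import dataclass, field


@dataclass
class Identity:
    user: str
    mfa: str                 # assumed labels: "none", "totp" or "fido2"
    roles: set = field(default_factory=set)


@dataclass
class Device:
    device_id: str
    managed: bool            # enrolled in UEM and reporting inventory
    patch_age_days: int      # days since the last successful patch cycle
    isolated: bool           # quarantined by the IT team
    malware_detected: bool


@dataclass
class Resource:
    name: str
    data_class: str          # "public", "internal" or "confidential"
    segment: str             # network segment the application lives in
    required_role: str


# Constructed policy tables: stronger data classes demand stronger factors
# and fresher patches. Tune per environment.
MFA_RANK = {"none": 0, "totp": 1, "fido2": 2}
MIN_MFA = {"public": 0, "internal": 1, "confidential": 2}
MAX_PATCH_AGE = {"public": 90, "internal": 30, "confidential": 14}


def decide(identity, device, resource, source_segment):
    """Return (allowed, reasons). Any pillar can deny; all must pass for 'allowed'."""
    reasons = []
    # Identity pillar: the user must hold the role the app needs, with MFA
    # strong enough for the data class behind it.
    if resource.required_role not in identity.roles:
        reasons.append(f"user {identity.user} lacks role {resource.required_role}")
    if MFA_RANK[identity.mfa] < MIN_MFA[resource.data_class]:
        reasons.append(f"mfa '{identity.mfa}' too weak for {resource.data_class} data")
    # Device pillar: managed, recently patched, not isolated, no malware.
    if not device.managed:
        reasons.append(f"device {device.device_id} is not managed by UEM")
    if device.isolated or device.malware_detected:
        reasons.append(f"device {device.device_id} is isolated or infected")
    if device.patch_age_days > MAX_PATCH_AGE[resource.data_class]:
        reasons.append(f"patch age {device.patch_age_days}d exceeds "
                       f"{MAX_PATCH_AGE[resource.data_class]}d limit")
    # Network pillar: confidential applications are reachable only from
    # their own segment, so a foothold elsewhere cannot pivot to them.
    if resource.data_class == "confidential" and source_segment != resource.segment:
        reasons.append(f"segment {source_segment} may not reach {resource.segment}")
    return (not reasons, reasons)


if __name__ == "__main__":
    payroll = Resource("payroll", "confidential", "finance-net", "finance")
    good = decide(Identity("alice", "fido2", {"finance"}),
                  Device("LT-0001", True, 5, False, False), payroll, "finance-net")
    bad = decide(Identity("bob", "totp", {"finance"}),
                 Device("LT-0002", True, 40, False, False), payroll, "guest-wifi")
    print("alice:", good)
    print("bob:  ", bad)
```

Two design choices matter here. The function collects every reason instead of returning on the first failure, so an administrator sees the whole posture gap rather than fixing one check and hitting the next; and the device attributes are exactly the ones a UEM inventory already holds, which is why UEM is a natural data source for this kind of decision rather than a separate control.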
UEM plays a key role in Zero Trust
Many companies rely on a Unified Endpoint Management (UEM) solution to help them implement and manage a Zero Trust architecture. Ideally, they should use a comprehensive solution such as the baramundi Management Suite (bMS), which offers all the functions needed to centrally provision, inventory, manage and update desktop, laptop and mobile devices, and quickly isolate them if necessary. The bMS also enables IT admins to further protect data access by mobile devices with a per-app VPN capability.
The combination of UEM, strict identity and access control, and continuous monitoring of network, device and user activity gives companies a solid foundation for a Zero Trust architecture. IT teams using the bMS know that they have a proven solution for efficient day-to-day endpoint maintenance and security tasks, as well as the ability to act quickly during an emergency.