Recent research shows that companies in the DACH region and the UK are increasingly planning to implement Zero Trust Lösungen*. 52 percent of the IT security decision-makers surveyed want to start a project within 18 months using so-called software-defined perimeter technology. The reason for this is the ongoing cloud computing trend.

What is Zero Trust?

The Zero-Trust-Model is a security approach in which a strict check of the user or the device is carried out regardless of its location in relation to the network. By restricting who gets privileged access to a computer or a network segment within an organization, the possibilities for attackers are severely limited. A network environment in which this security model is used is also known as a Zero-Trust-Network.

One of the principles of the Zero Trust model is that weak points are often exploited when companies show too much trust in individuals or outsiders when it comes to authorizations. Therefore, the Zero Trust approach provides that initially no user should be trusted by default, regardless of whether they are inside or outside the network.

The term “Zero Trust” was originally introduced in 2010 by a Forrester Research analyst. Shortly after, providers such as Cisco or Google adapted the model.

The importance of Zero Trust

The traditional approach to network security is often compared to a castle with a drawbridge and moat. It is somewhat difficult to get into the castle, but once you have managed to do so, you can move around freely within the castle relatively unhindered. In view of today’s IT landscapes, in which users can access internal applications and cloud services from anywhere, this approach looks like a castle that is out of date.

The Zero Trust model takes into account that it does not make sense to only concern yourself with security at the perimeter. Many data breaches were only possible because an attacker had got through an organization’s firewall and obtained authentication for internal systems. Zero Trust is therefore a much stronger approach to protecting important resources.

Basics of the Zero Trust model

A wide variety of technologies and principles exist to put Zero Trust into practice, but the following basic points are always included:

  • No basic trust. By default, no user or device should be trusted.
  • Principle of minimum rights. Users should only have the minimum necessary access.
  • Authorizations and network components are divided into smaller segments with individual access requirements.
  • Risk assessment and analysis. All network traffic should be logged and examined for suspicious activity.

Implement the Zero Trust approach

The following best practices should be considered when implementing the zero trust model within your organization:

  • The guidelines for network security should be checked again and again to ensure that they are up to date. They should be checked regularly for weaknesses and effectiveness.
  • Multifactor authentication (MFA) should be implemented for all users without exception.
  • In any case, all devices that try to log into the network should be checked. Access may only be granted to those who comply with the set security standards.
  • Network segmentation, micro-segmentation and perimeter segmentation should be implemented consistently in order to secure the individual areas of the network.
  • The greatest possible transparency in the network must be ensured in order to prevent misuse of data access in the event of calamities.
  • User access, as well as access by administrators, should be checked regularly at short intervals.

Using a Zero Trust partner

Implementing a Zero Trust architecture is extremely difficult. Only a few companies, for example Google, have been successful at retrofitting their network environments to comply with all the Zero Trust requirements.

Given how hard it is to retrofit an existing environment to Zero Trust, a security-conscious customer can derive the benefits of this modern framework by transitioning to cloud applications that already have adopted the Zero Trust framework.

And iManage Security Policy Manager extends this compliance by enabling firms to execute such new security policies. Further, iManage Threat Manager detects suspicious activity whether your firm is on, transitioning to, or just looking at implementing Zero Trust.

To learn more about how IRIS supports Zero Trust, and about the architecture itself, book a free consultation with our Governance & Security consultants.

Wie wir helfen können

Unter IRIS Nederland wir nehmen das Informationsmanagement ernst. Informationen sind die Quelle jeder Organisation und erfordern daher intelligente, zukunftssichere Lösungen, die den Anforderungen von Organisationen und ihren Benutzern gerecht werden. Dieses Versprechen halten wir seit über 20 Jahren gegenüber unseren Kunden. Egal, ob Sie eine neue Dokumenten- oder eine andere Informationsmanagement-Lösung implementieren möchten: Wir haben die Erfahrung, um Sie bei einem solchen Projekt von Anfang bis Ende zu unterstützen.

Kontakt aufnehmen mit uns, wenn Sie mehr darüber erfahren möchten, wie unsere Lösungen und Dienstleistungen kann die Arbeit Ihres Unternehmens effizienter, sicherer und intelligenter machen.

*According to the “State of Enterprise Secure Access Report 2019” from US software provider Pulse Secure

Über den Autor

Rachelle Beugels
Rachelle BeugelsVermarkter