Recent research shows that companies in the DACH region and the UK are increasingly planning to implement Zero Trust solutions*. 52 percent of the IT security decision-makers surveyed want to start a project within 18 months using so-called software-defined perimeter technology. The reason for this is the ongoing cloud computing trend.
What is Zero Trust?
The Zero-Trust-Model is a security approach in which a strict check of the user or the device is carried out regardless of its location in relation to the network. By restricting who gets privileged access to a computer or a network segment within an organization, the possibilities for attackers are severely limited. A network environment in which this security model is used is also known as a Zero-Trust-Network.
One of the principles of the Zero Trust model is that weak points are often exploited when companies show too much trust in individuals or outsiders when it comes to authorizations. Therefore, the Zero Trust approach provides that initially no user should be trusted by default, regardless of whether they are inside or outside the network.
The term “Zero Trust” was originally introduced in 2010 by a Forrester Research analyst. Shortly after, providers such as Cisco or Google adapted the model.
The importance of Zero Trust
The traditional approach to network security is often compared to a castle with a drawbridge and moat. It is somewhat difficult to get into the castle, but once you have managed to do so, you can move around freely within the castle relatively unhindered. In view of today’s IT landscapes, in which users can access internal applications and cloud services from anywhere, this approach looks like a castle that is out of date.
The Zero Trust model takes into account that it does not make sense to only concern yourself with security at the perimeter. Many data breaches were only possible because an attacker had got through an organization’s firewall and obtained authentication for internal systems. Zero Trust is therefore a much stronger approach to protecting important resources.
Basics of the Zero Trust model
A wide variety of technologies and principles exist to put Zero Trust into practice, but the following basic points are always included:
- No basic trust. By default, no user or device should be trusted.
- Principle of minimum rights. Users should only have the minimum necessary access.
- Authorizations and network components are divided into smaller segments with individual access requirements.
- Risk assessment and analysis. All network traffic should be logged and examined for suspicious activity.
Implement the Zero Trust approach
The following best practices should be considered when implementing the zero trust model within your organization:
- The guidelines for network security should be checked again and again to ensure that they are up to date. They should be checked regularly for weaknesses and effectiveness.
- Multifactor authentication (MFA) should be implemented for all users without exception.
- In any case, all devices that try to log into the network should be checked. Access may only be granted to those who comply with the set security standards.
- Network segmentation, micro-segmentation and perimeter segmentation should be implemented consistently in order to secure the individual areas of the network.
- The greatest possible transparency in the network must be ensured in order to prevent misuse of data access in the event of calamities.
- User access, as well as access by administrators, should be checked regularly at short intervals.
Using a Zero Trust partner
Implementing a Zero Trust architecture is extremely difficult. Only a few companies, for example Google, have been successful at retrofitting their network environments to comply with all the Zero Trust requirements.
Given how hard it is to retrofit an existing environment to Zero Trust, a security-conscious customer can derive the benefits of this modern framework by transitioning to cloud applications that already have adopted the Zero Trust framework.
And iManage Security Policy Manager extends this compliance by enabling firms to execute such new security policies. Further, iManage Threat Manager detects suspicious activity whether your firm is on, transitioning to, or just looking at implementing Zero Trust.
To learn more about how IRIS supports Zero Trust, and about the architecture itself, book a free consultation with our Governance & Security consultants.
How we can help
At IRIS Nederland we take information management seriously. Information is the source of every organization and therefor requires intelligent, future-proof solutions which meet the needs of organizations and their users. We keep that promise to our customers for over 20 years now. Whether you are looking to implement a new document- or any other information management solution: we have the experience to support you with such a project from start to finish.
Get in touch with us if you want to know more how our solutions and services can make your organization work more efficient, secure and smarter.
*According to the “State of Enterprise Secure Access Report 2019” from US software provider Pulse Secure