Industry Insights with Isa Jones

Governance & Risk Management , Identity & Access Management , Leadership & Executive Communication

Zero Trust Is More Than A Buzzword

A "Must-have" for Cybersecurity
Zero Trust Is More Than A Buzzword

Zero Trust might have been one of the most commonly used words across the cybersecurity landscape in 2021. Understanding it, implementing it, and the flaws of not having it were everywhere. It was the new VPN and the “must-have” in cybersecurity. But, what is it exactly and does your organization actually need it?

See Also: New OnDemand | Reacting with Split-Second Agility to Prevent Software Supply Chain Breaches

What is Zero Trust Network Access?

Zero Trust Network Access is a newer cybersecurity concept that removes any implicit trust, regardless of who’s accessing and what’s being accessed. Since no one is trusted in this model, insider and outsider access needs to be verified and authenticated each time a user logs into a system Zero Trust is not a specific tool, but a model or an approach that some products and services can provide to organizations to keep their data safe. Essentially, the Zero Trust cybersecurity approach is kicking old methods to the curb while embracing the basic principles of security.

Is Zero Trust Network Access Necessary?

Yes. Historically, organizations assumed that internal users and third parties who had access should be trusted and will operate as they should. The castle-and-moat methods organizations used to protect themselves from cyberattacks, however, have proved ineffective on multiple occasions, with some of the biggest cybersecurity incidents starting from an internal threat or a source that was purposefully granted access. Whether it’s from access creep or a termination gap or a third party with too much access, trust is no longer the answer. This approach of trusting all those within the organizational walls and building defenses against outside threats hasn’t, and still isn’t, providing the full protection that organizations need from attacks and hackers.

The data speaks for itself:

  • 40% of breaches originate from authorized users
  • 44% of organizations experienced a third-party data breach in the last year from too much privileged access
  • 63% of organizations don’t have visibility into the level of access and permissions users have in their systems

Not Implementing ZTNA Is A Major Risk

If breaches are coming from authorized access and too much trust, granting any level of trust is opening the door to a potential cyber attack. Your organization may trust its vendors, but should it? Who else are those vendors working with? Your organization may trust your employees, but human error doesn’t take into account trust and good intentions. It only takes one stolen password, one unlocked door, and one poorly managed access point for a bad actor to wreak havoc. Any risk is too much when it comes to critical access points and assets.

ZTNA Is Part of Strong Access Management

Managing critical access is the only way to truly keep your organization secure. Hackers are gaining skill and creativity, and the headlines have highlighted how traditional security measures continue to fall short. By implementing practices associated with ZTNA and holding every user to the same, scrupulous parameters, an organization can start to feel more secure from insider and outsider threats.

Best practices include:

  • Multi-factor authentication. The bare minimum an organization can do is remove single sign on for users, especially for third parties. Passwords fall into the wrong hands far too often (just look at the Colonial Pipeline hack), so it’s important to add a layer of security for even the most routine access points.
  • Creating Privileged Access Management or Identity Access Management systems. An automated system not only streamlines access management, but restricts access down to its most granular level, utilizing least privileged access methods to manage every users’ permissions.
  • Storing credentials. By keeping credentials hidden, the credential vaulting prevents logins from being compromised, which helps stop potential network intrusions before they can even start.
  • Implementing an access review tool. Even with strong measures in place, access mis-management can occur. Periodically reviewing user access is a simple way to make sure no user, internal or external, is accessing assets they shouldn’t. Whether it’s accidental or intentional, double checking user access is a strong tool to prevent data from being compromised through a user’s privileged access.


About the Author

Isa Jones

Isa Jones

Content Writer, Securelink

Isa Jones is the content writer for SecureLink. Based in Austin, Jones has a decade of writing and content strategy experience, including a background in journalism.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing ffiec.bankinfosecurity.com, you agree to our use of cookies.