Businesses today need to use all of the security tools available to combat threats and stay ahead of hackers. Part of that includes moving to a Zero Trust security model.

Rather than operating under the assumption that anything within the firewall should be trusted, movement within the network is restricted to prevent the spread of undetected malware or the work of a bad actor.

Securing the Perimeter Is Just the Start

While having a strong firewall and secure perimeter is still an essential part of any security policy, it’s just the beginning.

The perimeter of your business changes and evolves with every new vendor, partner or connected device. A policy of trusted and untrusted domains is no longer enough to secure your network.

A strong firewall will prevent and notify you of attacks coming from outside your network, but that is no longer enough. With the rise of malware like Emotet and the practice of Island Hopping, hackers may already be inside your network and you don’t even know it.

Zero Trust security restricts access within the network based on security policies and user roles, so malware can be contained, and sensitive data can be protected.

Endpoint Security Headaches

Endpoint security has also become more complicated. You no longer have to worry only about company provided computers accessing the network, now employees are bringing their own devices and expect network access as well.

However, for Zero Trust security, every access point must be secured, from each desktop computer in the office to every connected mobile device, to every IoT sensor in your data center or warehouse.

To do this, consider using two-factor authentication or multi-factor authentication. This, combined with role-based access policies and device authentication, can protect your data from ending up in the wrong hands.

zero-trust-model

What Is Multi-Factor Authentication?

Multi-factor authentication is an access security method that grants a user access only after two or more pieces of information, or factors, are presented to authenticate that they are who they say they are. This usually relies on:

Something the user knows: A password, PIN or security question

Something the users has: A USB security token or mobile phone

Something the user is: A biometric, such as their voice or fingerprint

Two-factor authentication is a type of multi-factor authentication that relies on two of the three factors. Most commonly, it combines a password with an authentication message sent to a mobile device. This message asks the user to enter a time sensitive access code to gain access to the application or network.

Authentication Solutions

Luckily, there are solutions available for two-factor and multi-factor authorization to add to your Zero Trust security model.

Sophos’s Intercept X offers multi-factor authorization and end-to-end endpoint security as well as deep learning to stay ahead of the hackers.

Duo, from Cisco, offers two-factor authorization solution with remote access and single sign-on for a seamless user experience.

If you’re looking at other vendors, here’s what we recommend for core capabilities in a Zero Trust Solution:

  • Using multi-factor authentication to verify the user
  • Validating the device they are using
  • Limiting access and privileges of known and unknown devices
  • Enforcing role-based network access

If you’re interested in any of these solutions or just have a question about Zero Trust security, contact us and we’ll be happy to talk you through it.  

social