Given the increased sophistication and pervasiveness of modern cyber attacks, the assumption that anything within the security perimeter of the organisation can be trusted is quickly being replaced by a zero trust approach. As the name suggests, it sees no user, device or system either inside or outside a company’s cyber security perimeter being trusted. This is according to Syrex, a provider of hyperconverged cloud technology solutions in South Africa.
“Hybrid work, the rise of internet of things and analysing data close to the edge mean traditional ways of safeguarding data are no longer sufficient. Zero trust has emerged as a more proactive way for businesses to keep their systems, data and networks protected against compromise,” says Ralph Berndt, sales and marketing director at Syrex.
All this contributes to a rapidly expanding attack surface where cyber criminals are continuously searching for the weakest link in the cyber security chain. Once the integrity of the corporate network has been compromised, malicious users can remain undetected for months, stealing data and potentially infecting files with malware. Some research suggests it takes an average of six months for a company to detect a breach in its defences. By this time, significant damage would have been done.
“Zero trust takes what people think they know about cyber security and throws it on its head. The ‘never trust, always verify’ mindset is quickly proliferating in companies around the world as one of the most effective forms of protection against compromise. Of course, zero trust is more than a mindset – it is a cyber security model that will assist in shoring up any weak points in the perimeter.”
By denying access by default to users, devices and systems, an organisation can isolate traffic until such time as a level of trust is established. However, if zero trust is to be effective, a level of automation and orchestration must be employed. The sheer amount of access points connecting to the corporate network today mean security personnel cannot be solely responsible for managing it. Fundamentally, a zero trust architecture must integrate within the existing cyber security environment of a company to leverage its existing investments.
Think of zero trust as providing cloud security beyond the perimeter. It effectively extends the safety net typically associated with cyber defence solutions inside the organisation and ensures that nothing malicious can gain access to sensitive data and infrastructure.
“Zero trust does not have to be a complex or expensive undertaking. It is also not about reinventing the cyber security wheel, but just approaching from a different perspective. It all begins with the company needing to identify and understand its entire environment. Critical to this is monitoring, logging and analysing every activity across the network. Once this is done, zero trust can be managed through policy and procedures using advanced solutions that can automate much of the defences. It comes down to injecting real-time threat prevention and detection across all entry points into the business. By enabling the company to proactively managing access as opposed to reacting to attacks that have already penetrated the perimeter, decision-makers can deliver a better security environment that allows for better productivity and growth,” concludes Berndt.
Share
Syrex
Established in 1995 by specialising in the installation and support of Linux, Microsoft, and subsequently virtualised and hybrid network infrastructures, Syrex has evolved into a hyperconverged solutions provider that delivers the full ICT services offering from connectivity through to security and tailored IT support.
Syrex has a range of support services and products, which includes connectivity (VoIP, fibre, wireless and VPN), cloud (Office 365, virtualisation, hosting, backup, and archiving), security (firewall, VPN, SD WAN and security management), sales of both hardware and software, and comprehensive remote managed on and off-site support.