Trust no one: The re-emergence of zero trust

Trust is everything.

Any organisation or business cannot live without it, and it is implicit in daily business activity. In the relationship between vendor and client, it should be sacrosanct, yet, more often than not, trust is abused, disregarded and, in many cases, lost.

Sascha Fahrbach.
Sascha Fahrbach.

Once there is a data breach, misconfiguration or a hack, be it intentional or by accident, the consequences to the relationship between customer and vendor are shattered. Once the damage has been done, the result can come in the form of painful financial loss or a permanent stain to brand reputation.

With the average cost of a data breach numbering $3.86 million, according to the most recent study by IBM and the Ponemon Institute,(1) there is increasing pressure to stop sophisticated attacks and prevent breaches. So how does the world move forward and address this serious security gap?

The focus is not on some new form of technology, but in fact, something that has been around for several years.

The term zero trust was first coined by John Kindervag in 2010. Kindervag was VP and principal analyst at Forrester Research. Now, a decade later, the term has seen a resurgence in the cyber and info security community as a way of addressing the need for better security.

What is zero trust?

Zero trust is not just a simple solution or add-on which can be integrated overnight.

It is a strategic initiative that helps mitigate and ultimately prevent data breaches by getting rid of the concept of trust from an organisation’s network architecture.

A common sentence that accompanies the concept is “never trust, always verify”. One of the core principles of zero trust is the notion that network segmentation is key, and therefore lateral movement within a network perimeter is not allowed.

Up until recently, the modus operandi for many organisations was that once within a network perimeter, a user could be trusted. This is the key differentiation for zero trust, as it foresees access for users only on the basis of least privilege. In essence, one is only given as much access to what someone needs to complete their task, nothing more, nothing less.

In essence, a thorough zero trust strategy is built on three main pillars:

  • Making sure that all company resources are able to be accessed securely, irrespective of location.
  • Using and administering a least privilege strategy, as well as enforcing access control. Remembering that at the core of zero trust is the idea that every user is perceived as untrusted.
  • Auditing and monitoring all data traffic. The concept is based on the fact that even those within the perimeter may cause problems, such as insider misuse.

Fudo PAM can add valuable procedures and relieves administrators of the hassle of configuring accesses individually, even in an Active Directory environment. With Fudo PAM’s User Access Gateway, one can leverage a single sign-on approach to multiple servers and systems, including Web-based management consoles.

There are a few powerful points about Fudo PAM worth mentioning.

Firstly, Fudo PAM’s built-in multi-factor authentication schemes (MFA) takes the security model to a new level without the hassle of setting it up on several systems at once. Secondly, the user does not have to know the server or Web console’s password. However, the user is still able to access the service without any confusion, hence another win for keeping true to the zero trust approach – everything is kept seamless for the user. With the user sessions being recorded and analysed in real-time with biometric-based AI, an advanced security orchestration is created based on session archiving and it constantly checks the user – once again demonstrating a zero trust principle. Furthermore, Fudo PAM’s agentless approach makes all of this easy to set up and fast to deliver.

There may already be several layers of security in place, and many organisations may dismiss zero trust as just another marketing buzzword from the infosec industry.

So why does zero trust matter so much? There are a number of reasons, though the most powerful will be, of course, this staggering statistic: Cyber crime will cost the world a whopping $10 trillion by 2025.(2) Anything that we can do to improve how we work and optimise the way we perceive access security will go a long way to bring this number down.

It is the right time for zero trust; given the additional strains put on companies and individuals during the pandemic, the crisis now needs an answer.

Data will continue to grow exponentially and as we push on into our digital transformation.

It seems that in our current reality, where the lines are blurred between the organisation and the user, we require every tool and framework to make our lives safer.

With a zero trust policy, an organisation is able to control access to specific systems and resources, working on the assumption of a continual breach.

It certainly cannot be implemented overnight, and zero trust is as much a strategic decision as a technical one. Fudo PAM serves an integral part in the entire zero trust journey; it is part of many other components and pieces that an organisation must adopt to have a comprehensive zero trust architecture in place. Though with the success of introducing and utilising zero trust in your network, it will enable a seamless transition to better security for everyone.

Sascha Fahrbach – Fudo evangelist and digital influencer

Sascha Fahrbach engages himself globally to spread cyber security awareness and the importance of PAM solutions to all organisations. He hosts various digital events for Fudo Security for a global audience. He’s a media facilitator, hosts Fudo’s podcasts, conducts interviews and runs dynamic security webinars. He’s also a regular guest at a Central European TV broadcaster. 

1 https://www.ibm.com/security/digital-assets/cost-data-breach-report/#/

2 https://cybersecurityventures.com/cybercrime-damage-costs-10-trillion-by-2025/

Share