You may be aware that President Biden recently signed an executive order aimed at improving the United States’ cyber security. In the Executive Order, he speaks very specifically about Zero-Trust architecture, encryption and multi-factor authentication. Zero Trust is an exciting approach to modern security, but why is the President of the United States talking about it?
Clearly, the federal government is extremely concerned about cybersecurity for both business and government. The reason behind their concern is evident. During the pandemic, cybercrime grew by 500%. Crazy, right? Each day, nearly 4,000 organizations are victims of ransomware. To make matters worse, cybercriminals are specifically targeting healthcare, education, government services, and businesses. Not only is cybercrime disrupting social services, but it’s also creating a devastating impact on the private sector that powers the economy.
What is Zero Trust and How Can it Help Right the Ship?
Zero Trust is a radical shift in the way we think about cyber security. Consider the story of the city of Troy. Once upon a time, the people of Troy trusted a wooden horse as a gift and the bad guys got in. Today, we trust our passwords, and VPNs, and like Troy…..we are letting the bad guys in.
Passwords were a great invention in 1961, but now in 2021, passwords are the cause of many security breaches and ransomware attacks. Why is this happening?
Nobody can remember one or two hundred passwords, especially not passwords that are unique, strong and have numbers and characters. And people generally don’t change their password every 90 days. The reality is that people tend to re-use the same passwords, modify existing passwords, rely on their pet’s name, or birthday.
Because of this, cybercriminals don’t need to break into our accounts, they simply log in using our weakest passwords.
How does Zero Trust Work?
The idea behind Zero Trust is that you stop trusting legacy security tools like passwords and VPNs. The Zero Trust architecture makes the assumption that every login attempt is a breach – until explicitly verified to be safe. It demands that we look at the entire chain from the user’s device to the data being accessed, by addressing a series of questions:
-
Is the device known?
-
Is the device encrypted?
-
Is the device managed?
-
Is the OS up-to-date?
-
Is the connection secure?
-
Is the IP range known?
-
Is the user accessing a permitted file or application?
Zero Trust architecture is a more robust security model than the old approach of trusting passwords and VPNs to protect our sensitive digital assets. For this reason, companies and individuals need to move away from trusting passwords and embrace the notion of password-less authentication, relying on a combination of biometrics and multi-factor authentication. When we do this, we increase our chances of detecting a fraudulent login and hopefully hindering lateral movement across our networks.
Zero Trust as a Methodology
It’s important to note that Zero Trust is not another software product that you buy and configure. Rather it is a methodology, a framework, a modern approach to security in an increasingly complex world of hybrid work and BYO technology. Fortunately, any company that has Microsoft 365 licenses can implement Zero Trust – you already have all the pieces of the jigsaw puzzle. There is an exciting and important learning curve ahead to assemble that puzzle.
Hope is not a strategy
The biggest risk of all is the humans that sit behind the keyboard. Without adopting robust Zero Trust security measures, every time we type a password, click a link, or open an attachment, we’re taking an enormous risk.
Hope is not a strategy, but I am hopeful that if we embrace Zero Trust, we can collectively impede cybercrime and cut off the revenue stream cybercriminals are pulling from our economy. More importantly, I hope we can restore confidence in our digital world.
ZERO TRUST WHITEPAPERS
AN OVERVIEW OF ZERO TRUST
A Non-Technical Overview for Executive and Boards Members
GETTING STARTED WITH ZERO TRUST
A Deployment Guide with Microsoft 365 E3 Licenses
ZERO TRUST AT SCALE
Enhanced Security with Microsoft 365 E5 Licenses
Contact us to learn more about Zero Trust