unsplash-image-xcgh5_-QIXc.jpg

 

Evolving risks in the current cyber landscape have companies everywhere searching for an effective strategy to secure company data. Employees and devices work outside the office, on home and public Wi-Fi, sometimes on personal devices. Traditional IT security is no longer fit for purpose. 

IT leaders need to switch to a new paradigm: Zero Trust Architecture. Zero Trust is a cyber defense strategy that moves away from network-based perimeters and instead focuses on users, assets, and resources. With Zero Trust a breach is assumed, and each access attempt must be proved trustworthy to proceed. 

While the Zero Trust model is tremendously effective, it takes careful planning to execute the strategy effectively. You may be wondering to where get started on a Zero Trust architecture. A great place is to begin is by leveraging and securing your endpoints and identities. 

 

Acknowledging Modern Vulnerabilities

Consider this – according to a Total Economic Impact Study conducted by Forrester in 2020, 80% of breaches involve the use of lost or stolen passwords. What’s more, 60% of breaches are a result of devices not being secured by IT. The odds are against you if you approach modern device management with a legacy castle-and-moat mindset. And the impacts can be financially devastating.  According to a recent study from the Ponemon Institute, the global average cost of a data breach is $3.38 million. In countries such as the United States that average has hit an all-time high of $8.64 million.  

Statistically, devices operating while accessing company data that are not properly provisioned for remote work have proven to be a substantial vulnerability. Cybercriminals and bad actors looking to breach your company’s environment regularly target these types of unsecure devices. Remote work, and hybrid work, are increasing globally. Companies that do not adopt zero trust will continue to live with an increased risk of a breach. 

 

The Zero Trust Strategy in Action – Using Identities and Endpoints as your First Line of Defense

To combat the increasing volume and sophistication of threats, securing your Identities and Endpoints is crucial. Companies must protect their data, apps, infrastructure, and network. Follow these steps to protect Identity and Endpoints with Zero Trust: 

  1. Verify explicitly 
    Ensure that you’re vigilantly authenticating and authorizing all access requests. 
     

  2. Give users ‘Least Privilege Access’ 
    Let’s face it, sometimes the risks outweigh the pros in terms of permitting user access. Programs that aren’t thoroughly evaluated can face large amounts of security vulnerabilities. Audit what programs and apps your employees really need to be productive and allow them just enough permissions to effectively perform their role. 

  3. Assume breach  
    The reality is that with the increased volume and sophistication of threats, we’ll all be breached in some capacity at a certain point. By designing systems and processes with the inevitability in mind that some breaches will occur, you’ll be positioned to minimize the impact of the breach and recover swiftly.  

By effectively securing identities and endpoints, Microsoft clients have seen: 

  • A 45% overall decrease in the likelihood of data beaches  

  • A 50% reduction in overall management efforts for Identity and Access Management teams 

  • A 75% reduction of password reset requests 

  • An 80% decrease in deployment time saved with Microsoft Endpoint Manager 

Securing Identities

Going Modern with Identity will accelerate your journey to a Zero Trust model and will secure your hybrid workforce. In terms of taking action, you’ll want to focus on critical access decisions from the cloud while eliminating common attack possibilities.  

Some items your team can take to get started are to: 

  1. Move to modern authentication with multi-factor authentication and enable biometric (passwordless) authentication if possible. 

  2. Block legacy authentication. 

  3. Control access to your environment with intelligent and carefully considered adaptive policies.   

Securing Endpoints

You’ll want to ensure your endpoints are managed by a cloud-first technology like Microsoft Intune. This, combined with Azure AD, allows for conditional access – dynamic policies that increase authentication requirements or even block access based on risk. 

Further, with the proliferation of mobile devices in the workplace, creating an effective and secure BYOD program will prove instrumental to your Zero Trust strategy.  

Take these steps to secure your endpoints: 

  1. Set policies to update operating systems for all devices. 

  2. Add app protection policies for data on personal smartphones or require device enrollment. 

  3. Limit access to compliant and healthy devices.  

  4. Safeguard your resources with access lifecycle management. 

     

Create a Robust Employee Experience with Passwordless Authentication

Create an environment where users can leverage passwordless authentication and single sign-on. This will provide value to your employees in terms of usability.  

As mentioned previously, 80% of modern security breaches involve a lost or stolen password. The philosophy of using a combination of a unique username and password for security was first created back in 1961. It was a great idea…at the time.  

Now though, passwords represent a threat vector. Employees can be tricked into giving passwords away. Biometric authentication provides a far better user experience, and it is more secure.  Technologies you can leverage to achieve passwordless auth include Microsoft Authenticator, Windows Hello, and FIDO2 Security Keys. 

Do understand that Passwordless Authentication is more than not having to type in your password. It will require backend infrastructure and apps that support alternative authentication methods. That said, an imperfect solution will still reduce your threat surface. 

 

Looking ahead with a Zero Trust Strategy

Your ability to empower and secure your team has never been more critical. Effectively securing your endpoints and identities will set you on the right path for a Zero Trust strategy to proactively combat future potential breaches. For more information on getting started, please contact us to discuss Zero Trust or schedule a complimentary Modern Work Assessment.

 
Conatct

Andrew Reade

Andrew is our Digital Marketing Manager and oversees web-based marketing strategies and content creation for the organization. As a marketing veteran, Andrew has worked with organizations of all sizes in a diverse group of industries, from Risk Management to Transportation. Joining the organization in 2021, Andrew is based in Mobile Mentor’s Nashville, TN office.