This #CyberSecMonth, lets dive into what is probably the most important Cybersecurity concept that most Maltese Companies today haven’t heard of.
ZERO TRUST SECURITY.
Well you may have heard the buzzword, but what does that mean and how do I do it?
What is zero trust security?
Zero trust at its core is a simple concept – no matter who a user is within your organisation (be the CEO or the Janitor) their access to sensitive data comes down to three things:
- What we know about them.
- What we know about the device they’re using.
- The systems and sensitivity of the data they’re accessing.
The philosophy behind a zero trust assumes that there are attackers both within and outside of the network, so no users or machines should be automatically trusted.
Another principle of zero trust security is least-privilege access. This means giving users only as much access as they need, like an army general giving soldiers information on a need-to-know basis.
Ok – is this a departure from how we’ve done it in the past?
Yes absolutely – traditionally we’ve taken an approach called the castle-and-moat concept (fairly popular with us Maltese – if there’s one thing we know it’s castles!) which means once you’re inside the walls (inside the corporate network) you’re safe – but if you’re outside you’re a threat.
Fig 1. We have a history of building castles – beautiful, but outdated.
In castle-and-moat security, it is hard to obtain access from outside the network, but everyone inside the network is trusted by default. The problem with this approach is that once an attacker gains access to the network, they have free reign over everything inside.
Adding to this – no longer do most companies have all their data in just one place, and the vast majority of cyber-attacks target user identities and not the network (it’s far easier to kidnap a farmer than scale the castle walls – you can read more about that here: http://ictsolutions.com.mt/3-simple-steps-to-empower-your-people-against-cyber-attacks/) leaving you vulnerable, no matter how fancy and expensive your walls.
Are other companies adopting Zero Trust?
Resoundingly Yes – Zero trust adoption is up by 275% year over year, however we in Europe are behind the curve when it comes to adoption – with only 18% of European companies working on a Zero trust policy, compared to 45% of companies in Australia, and over 60% of companies in North America.
Maybe we just really like castles?
Unfortunately, this means that Europe (and Malta, we’ve been ranked the No. 1 most vulnerable country in Europe!) is very vulnerable to the future of Cyber threats!
How do I implement zero trust security?
The answer is it used to be complicated – you needed a team of engineers, experience, training, a bunch of weird complex licenses, machines that go ping, and a shaman to bless the machine spirit.
But not anymore!
Now you can benefit as Zero Trust as a Service – simple, secure and compliant, without taxing your internal teams, of leaving yourself vulnerable.