Protecting Assets and Managing Threats through a Zero Trust Approach


Zero trust security is important for shielding a business’s digital ecosystems from malicious attacks and threats from unverified users. Based firmly on the principle of “never trust, always verify”, this approach has protected millions of businesses around the world from potential breaches that often happen within their own network.

The traditional trust approach works on the assumption that all users within the network can be trusted and can acquire all the information they are able to access. The zero trust model works the opposite way: it aims to eliminate trust so that your systems are not left vulnerable, because threat actors and attackers can also be categorized as “users”.

For 2019’s Ascent Conference, we invited Neal Conlon, former head of sales and marketing at Appguard Inc., for a session on how companies can achieve zero trust and how they can strengthen their security infrastructure to keep up with emerging cybersecurity threats. 

The Zero Trust Model for Reinforcing Your Security Stack

The zero trust model starts with identifying a “protect surface”. Security solutions company Palo Alto Networks defines a protect surface as being composed of DAAS: data, assets, applications, and services. The DAAS varies from organization to organization and is relatively small, so it’s easier to determine the scope of what needs the utmost protection. Once the protect surface has been identified, the next step is to go deeper into user behavior and build a perimeter around your protect surface to ensure that everything in your database is secure and not accessible to illegitimate users.

In his talk, Neal discussed the three things that often happen once an attacker crosses over to the area between your userspace and system:

  • Harvest credentials they can use against you
  • Encrypt your machine and infect it with ransomware
  • Exfiltrate data or, in some instances, complete a payment sequence

As businesses undergo rapid digital transformation, Neal advises CISOs and cyber leaders not to stray from the fundamentals, like using two-factor authentication to verify your users’ identities. Here are more strategies that Neal shared to help businesses establish a zero trust framework:

  • It pays to have security skepticism—this helps you establish boundaries and establish accountability. 
  • Apply a detect-and-respond approach.
  • Align your ownership of controls and vault integrity with your compliance framework so that it creates a layer of security, both from a human and technical perspective.
  • A human challenge we need to solve is the inherent bias called trust that trickles down to the technologies we build. When your technology solution has that bias tied to it, someone can breach it and get through the minute they figure out what your bias is. 

Building a Zero Trust Environment in Today’s World

A zero trust model is essential in gaining visibility and monitoring the traffic across your systems, including users, devices, and applications. It also enables you to calculate the risks and enforce additional policies where and when needed.

Watch Neal’s full session, “Is Zero Trust Achievable?”: https://www.youtube.com/embed/cA4Ywfc4iVg
