So what is Zero Trust? In college, I worked at a bank when I came home for holidays or the summer. I was a rotating teller, so I was always at different branches.
Once, an elderly gentleman came to my window to cash a check. I greeted him nicely and asked for his identification to cash the large check drawn from his account. He began to yell and throw a fit, saying he had been banking there for 30 years.
I calmly explained that I was new and did not know him and was trying to protect him by ensuring I wasn’t giving his money to someone else. One of the other tellers vouched for him, having known him as a customer for many years. I wanted to ask him if he knew me and then explain that if he didn’t know me, how should I know him? But alas, common sense is not so common sometimes.
Implementing a Zero Trust model in your organization’s network involves a similar approach.
Users should be required to prove who they are before they are allowed to enter the system. This can be done via multi-factor authentication and by ensuring passwords are changed regularly. Verifying user identity must be mandatory wherever the user is accessing the network from.
A policy of ‘least privilege’ or role-based access control should also be implemented. Only allow access to the information that a user needs to perform their job. In the intel community, this is referred to as “need-to-know.”
Another method for zero trust is network segmentation. This involves dividing your infrastructure into subnetworks. This ensures that only those who need certain information are granted access AND deters lateral movement across the network by any nefarious actors (i.e., bad guys).
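To show how the three controls above work together on a single request, here is an added example (not code from Commonwealth Sentinel) of a deny-by-default access decision. The roles, segment names and resources are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample policy: role -> resources the job actually requires.
ROLE_GRANTS = {
    "teller": {"customer-accounts"},
    "hr": {"payroll"},
    "it-admin": {"customer-accounts", "payroll", "network-config"},
}
# Constructed segmentation map: source segment -> segments it may reach.
SEGMENT_FLOWS = {
    "branch-lan": {"core-banking"},
    "hr-lan": {"hr-systems"},
    "admin-lan": {"core-banking", "hr-systems", "mgmt"},
}
# Constructed placement of each resource in a network segment.
RESOURCE_SEGMENT = {
    "customer-accounts": "core-banking",
    "payroll": "hr-systems",
    "network-config": "mgmt",
}

@dataclass(frozen=True)
class Request:
    user: str
    role: str
    mfa_verified: bool
    source_segment: str
    resource: str

def decide(req: Request) -> tuple[bool, str]:
    """Deny by default; every check must pass on every request."""
    # 1. Identity: no exception for familiar users or internal locations.
    if not req.mfa_verified:
        return False, "identity not verified (MFA required)"
    # 2. Least privilege: the role must explicitly grant this resource.
    if req.resource not in ROLE_GRANTS.get(req.role, set()):
        return False, "role does not need this resource"
    # 3. Segmentation: the source segment must be allowed to reach the target.
    target = RESOURCE_SEGMENT.get(req.resource)
    if target is None or target not in SEGMENT_FLOWS.get(req.source_segment, set()):
        return False, "no permitted path between segments"
    return True, "allow"

if __name__ == "__main__":
    print(decide(Request("alice", "teller", True, "branch-lan", "customer-accounts")))
    print(decide(Request("dave", "hr", True, "branch-lan", "payroll")))
```

The second request is denied even though the user is verified and the role grants payroll, because the branch segment has no permitted path to the HR systems.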
On a side note, whenever you are asked for your identification when using a credit card or for any such transaction, thank the person for protecting you.
Commonwealth Sentinel is here to help you navigate the ever-evolving and growing cyber security threats we all face. We can evaluate your existing IT security and work with your team to improve it. At Commonwealth Sentinel, we stay focused on cyber security so you can focus on other things. Contact us today or sign up for a free consultation.