Zero trust in Enterprise networks

Trusting subjects implicitly in the enterprise network has become a thing of the past. Ever-increasing information threats are forcing organizations to move from the traditional “implicit trust” model to a “Zero trust” network security (ZTNS) model. ZTNS relies on well-defined security processes and practices rather than on trust in personnel. As there is no silver bullet for enterprise security, this article highlights the critical measures that every organization can take to prevent the leakage of confidential information and the subsequent damage to its value and reputation.

Asset identification & classification

One of the foremost activities that every organization must perform is to identify and classify its assets. This gives the organization a view of the asset landscape and the importance of each asset. The term “assets” includes confidential data, devices, applications, databases, and any sensitive information in tangible or other form. This activity is essential for identifying the control measures required to safeguard the assets, since the cost of a safeguard should not exceed the value of the asset it protects.

Identity and Access management

A subject requiring access to an object must be authenticated every time, irrespective of its previously authenticated state. Implementing strong authentication mechanisms such as multi-factor authentication (MFA) for all subjects is the recommended approach; it adds a layer of security beyond passwords alone.

Devices connecting to the network must also be authenticated irrespective of their previous state. This involves verifying the device's security posture and its compliance with company policies before granting access. 802.1X-based network access control is a recommended approach.

Also, enforcing the principle of least privilege when granting or assigning permissions to subjects means giving users and devices only the minimum level of access required to perform their tasks.

Network segmentation

Segregate the network into small functional units based on the assets accessed and the roles that the subjects play. This helps contain potential breaches and limits lateral movement within the network. Reviewing the segmentation is an ongoing activity that must be repeated whenever a change in the network configuration is introduced.
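As an added illustration of the per-request checks described in the identity, device and segmentation sections above (example code written for this edit, not the article's own), the function below contrasts the implicit-trust model, which rides on a previously admitted session, with a zero-trust evaluation that re-checks user MFA, device posture and least-privilege segment access on every request. The data classes, role-to-segment map and patch baseline are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed data model (example only; not from the article).
@dataclass
class Device:
    device_id: str
    dot1x_authenticated: bool   # 802.1X port authentication succeeded for this connection
    disk_encrypted: bool
    patch_level: int

@dataclass
class AccessRequest:
    user: str
    role: str
    mfa_verified_now: bool      # MFA challenge passed for THIS request, not an earlier one
    device: Device
    segment: str                # network segment / asset being requested

# Least-privilege map of role -> segments the role may reach (constructed values).
SEGMENT_POLICY = {
    "finance": {"erp-db", "file-share"},
    "developer": {"ci", "staging"},
}
MIN_PATCH_LEVEL = 42  # constructed compliance baseline

def device_compliant(d: Device) -> bool:
    """Device posture check: authenticated on the port, encrypted, and patched to baseline."""
    return d.dot1x_authenticated and d.disk_encrypted and d.patch_level >= MIN_PATCH_LEVEL

def implicit_trust_decide(req: AccessRequest, trusted_sessions: set) -> bool:
    """Traditional model: once a user was admitted, later requests inherit that trust."""
    return req.user in trusted_sessions

def zero_trust_decide(req: AccessRequest, trusted_sessions: set) -> tuple[bool, str]:
    """ZTNS model: prior session state carries no weight; every factor is re-verified."""
    del trusted_sessions  # deliberately ignored: previous authentication is not reused
    if not req.mfa_verified_now:
        return False, "mfa-required"
    if not device_compliant(req.device):
        return False, "device-noncompliant"
    if req.segment not in SEGMENT_POLICY.get(req.role, set()):
        return False, "least-privilege-denied"
    return True, "granted"
```

The same stale session that the implicit model waves through is denied by the zero-trust function until the MFA, device and segment checks all pass.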

Continuous monitoring

Continuous monitoring of user and device behavior has proven crucial for identifying security gaps and detecting threats. It involves monitoring and analyzing network traffic, user activity, network events and other relevant data to detect anomalies and potential security threats.

Data / Endpoint security

Encrypting sensitive data both in transit and at rest is recommended to protect it from unauthorized access. Strengthen endpoint security by deploying endpoint protection tools, including intrusion detection and data loss prevention tools, by regularly updating software, and by conducting vulnerability assessments at regular intervals.

Security automation

Automating threat detection, incident response, and policy enforcement is beneficial in the long run, since security automation helps the organization respond to security events more quickly and consistently. In addition, conducting regular security audits and assessments to identify vulnerabilities, gaps, and areas for improvement provides assurance that the control measures are effective.

Zero Trust is an ongoing process that requires continuous monitoring, adaptation, and improvement. Regularly reviewing and updating the security policies and measures enables the organization to stay ahead of evolving threats.

Ramnath KM

1 year

1. One of the foremost activities that every organization must perform is to identify and classify its assets.
2. Subject requiring access to objects must be authenticated every time irrespective of its previous authenticated state.
3. Segregate the networks into small functional units based on the assets accessed and the roles that the subjects play.
4. Encrypting sensitive data both in transit and at rest is recommended to protect it from unauthorized access.
