In this Zero Trust blog series, we’ve defined what the Zero Trust security model is; its core principles and benefits; how to implement a Zero Trust model including common challenges; and we walked you through a day in the life of an employee working in a high-performance workplace. Now we’re going to address some common misconceptions about Zero Trust.
Read the full series here:
Unless you work in IT security, the concept of Zero Trust may have caused misconceptions as to what it is, who it’s for, the implications and even the name of it! We clear things up with the most common misunderstandings around this topic.
Contrary to how it sounds, Zero Trust does not mean a security system that isn’t trustworthy. Quite the opposite. If you use a Zero Trust security model, you can have far more faith that your corporate systems will remain secure. It refers instead to the concept that every request to access a corporate system should be verified first, rather than trusted.
While there are several different types of technologies needed to create a Zero Trust security architecture - like Identity & Access Management (IAM), Multi-Factor Authentication (MFA), End Point Security, and secure web gateways - Zero Trust itself is a concept or framework only, not a specific technology.
Actually, implementing a Zero Trust model can save you money. Often organisations have multiple security tools that all perform the same job. By assessing what tools you already have, you can identify duplicates and remove them, saving on licensing costs. What’s more, many organisations already pay for Microsoft technologies that have the security features that can enable a Zero Trust model, they simply aren’t using them. Finally, Zero Trust will help reduce the risk of cyber-attacks and the related costs associated with ransomware, downtime, and reputation damage.
Unfortunately, Zero Trust is not a checklist exercise that can be done and forgotten. It requires constant monitoring and updating. Even if you followed best practice when setting it up, vendors regularly bring out new feature sets to support Zero Trust, which means constant improvements can - and should - be made to protect against evolving security threats.
This is particularly true when it comes to the ongoing challenge of securing legacy systems. As new technologies emerge, organisations need to consider how they can add things like identity and access management to legacy ERP systems, CRM, file servers or RDP farms. Luckily, the modern security tools automate a large part of the monitoring so while it can’t just be done once and left, the tools are designed to alleviate workload.
It can be easy to think that having to request access or go through MFA every time you try to log onto a system will impact productivity negatively. But Zero Trust architectures are actually a lot less complicated than legacy security architectures. If the planning stage of a Zero Trust framework is done well, with robust policies set up and with constant monitoring of the system, employees very quickly adapt to this new way of working. And the ability to work securely from anywhere on any device, rather than being tied to an office or being unable to access certain resources as needed, means employees can actually achieve more.
Various reports estimate that between 30% and 46% of SMEs have experienced a data breach in the last few years, which reinforces the need for these organisations to have the same level of protection as larger enterprises. SMEs are often in a better position to implement Zero Trust as they have less complex existing systems and often already have the relevant technologies in place.
Zero trust should rely on automation and signals as much as possible, negating the need for a large team. In a legacy environment, if an account has been compromised, the IT team has to lock the account out and do their investigation, which takes time. In contrast, in a well architected Zero Trust environment, a signal would be picked up that the account was compromised and it would automatically check and resolve the issue.
If anything, Zero Trust helps organisations eliminate duplicate security products. There are key technologies that are needed but the idea behind Zero Trust is to build a streamlined architecture that cuts out waste, making existing products work harder.
Discover how the Microsoft security suite delivers a Zero Trust model.
If you want to understand your current security score and how you can move towards a Zero Trust model, request a free one hour envision workshop with SoftwareOne.
If you want to understand your current security score and how you can move towards a Zero Trust model, request a free one hour envision workshop with SoftwareOne.
