World Backup Day: Backing Up Your Data Starts with Securing It
Check out why zero trust is key to data protection.
The world of threat variants keeps changing dynamically, making it difficult – sometimes even seemingly impossible to stay ahead of a cyber attacker in this proverbial game of cat and mouse. However, thanks to a relatively new methodology known as Zero Trust, businesses, from SMBs to enterprises, can take steps to protect themselves and their data, says Michal Cizek, CEO of GoodAccess.
An Overview of the Zero Trust Framework
As its name implies, with the zero-trust approach, nobody can be trusted. The mantra here is to keep verifying at all levels, even your employees that have been with you since the beginning. Although it sounds extreme, it has proven to be effective. After all, in today’s era of phishing and cyber threats, do you know who’s logging in with your trusted employee’s credentials?
For a long time, the primary security model has been perimeter defense. In this model, one circle covers the perimeter, and all of an organization’s security tools and technologies focus on keeping that perimeter protected, providing for a solid defense. But remember that this is only one layer, so if a cyberattacker were to break through it, he or she could access just about anything they want to.
Once they’re in, they have nearly unlimited access, especially if posing as an account with high-level permissions. In some cases, attackers exfiltrate high-value data, while in ransomware attacks, they may encrypt it, blocking you from your business data and forcing you to pay a fee to “free” it. In a perimeter-focused cyber defense strategy, these attacks may not trigger alerts until too late since security measures are all looking outward for incoming threats.
Proving Who You Are with Multifactor Authentication
Zero Trust does away with this unimodal way of thinking and relies upon a multi-tiered approach called “micro-segmentation.” A business’s IT, and network infrastructure is divided into different zones. Each one is separated from one another by using what is known as multifactor authentication, or MFA for short. This is where at least three layers of authentication are used to confirm an individual’s identity.
For example, if an employee wishes to gain access to shared resources (such as documents or spreadsheets), he or she might be confirmed by using a combination of the following:
- A username/password combination
- An RSA token
- A Biometric, such as fingerprint recognition or iris recognition
Once the employee has successfully been verified through all three of them, they can gain access to the shared resources in the database server. However, three layers of authentication are typically used, and even more than that can be used, depending on how mission-critical the digital assets are to a business.
The idea of this multi-tiered approach is that if a cyber attacker can break through one zone, the chances of breaking through the others become much lower. Thus, the heart of the business (e.g., datasets about employees, customers, competitors, etc.) is safeguarded. In addition, each zone can have its own unique set of authentication mechanisms. This means that one can have all biometric modalities, another might use an authenticator app along with login credentials, and so on.
This “mix and match” approach gives the Zero Trust Framework a huge advantage over the traditional perimeter defense model. This framework can also be applied to other business areas, especially for physical security. For instance, if an employee wishes to enter their office, they can first be verified with one of the biometric modalities, then by a swipe card, and finally, have their ID double-checked by a security guard before gaining access to their desk.
See More: 4 Reasons Why Multi-Factor Authentication Should Be Deployed Across the Enterprise
VPNs Have Come a Long Way
As robust as this process might be, the Zero Trust Framework can come with its limitations. One of these is the transition to a remote workforce brought on by the COVID-19 pandemic. Many employees work from home today, which makes implementing some traditional MFA methods challenging. Thus, a tool is needed that can support the MFA approach. One of these is the virtual private network (or VPN). Essentially, this tool allows you to communicate with coworkers or gain access through a private channel while using the public internet.
A VPN fitted for MFA can integrate with the Zero Trust model and is particularly useful for SMBs looking to adopt a Zero Trust posture quickly and easily. Many VPNs do not have MFA already set by default, so your network administrator will have to configure it so that MFA is turned on and functional. But another gadget making a splash in the marketplace will allow you to do this much more efficiently: the “Next Generation VPN.” This tool has several distinct advantages over the traditional VPN:
- By default, all end users are denied access to all the shared resources out of the box. Thus, you must produce an MFA approach using any combination of authentication mechanisms.
- They strictly enforce the concept of least privilege, meaning employees are given just enough rights, privileges, and permissions to do their daily tasks.
- Data encryption is now a must, especially for those in transit from the employees’ device to the server and vice versa (technically, this is known as “Data In Transit”).
- Al devices accessed through the Next Generation VPN must be registered and whitelisted into it.
- A complete audit trail is now provided to track any signs of malicious or abnormal behavior in real-time. (This is also useful for organizations subject to regulatory compliance and cyber reporting requirements.)
See More: Re-thinking VPNs for Securing SMBs Against Threats
SOS: Save Our Sensitive Data (with Zero Trust)
It’s stressful enough when a personal hard drive fails, or someone’s laptop becomes infected. When that happens to a business, the situation can be catastrophic. From e-commerce to healthcare to banking, businesses of every size across every industry now handle massive amounts of sensitive data, from customer records to personnel files to operational documents essential to keep the business running. Today’s hackers recognize that every business has valuable data and is a target. That’s why it is essential to protect the business from initial cyber attacks and the loss of customer confidence.
The first step is to back up your data. The second is to make sure you’ve implemented a Zero Trust framework. This can start with something as simple and easy to use as a business VPN. The result? Built-in resilience, with protection from multiple points of failure and the confidence of knowing that, even if attackers breach the perimeter, they still have plenty of hurdles.
How can organizations mitigate the impact of ransomware attacks with strong backup policies? Share your thoughts with us on Facebook, Twitter, and LinkedIn. We’d love to hear from you!
Image Source: Shutterstock
MORE ON DATA BACKUP DAY
