Remote work is here to stay. With more and more workers operating outside the walls of their organization’s secure perimeter, the gateway to cyberattacks is open and the floodwaters are raging. In the past 2 years, cyberattacks have been on the rise (50% more cyberattack attempts per week), and they’re expected to continue rising throughout the near future.
Preventing cyberattacks and unauthorized access to company information is a matter of trust. Traditional cybersecurity solutions set up a perimeter around whatever the organization wants to protect. Users within the perimeter are typically granted some level of automatic trust, and verifications are very few. But once a user is outside the corporate network and using personal devices and public internet connections to access company data, security gaps are exposed, giving cybercriminals the perfect opportunity to attack.
To make remote access more secure, organizations set up VPNs. But a VPN alone is not an effective solution against cyberattacks. In fact, last year’s ransomware hack into the Colonial Pipeline that shut down systems supplying nearly half of all fuel to the eastern United States was carried out by hacking into the company’s VPN.
As cybercriminals get smarter and more innovative with their attacks, a security solution based on perimeter defense alone can easily be compromised by today’s sophisticated attackers.
To improve cyber resilience, organizations are setting up a cybersecurity mesh with Zero Trust security as the core principle. A cybersecurity mesh takes security outside the fortress walls and builds layered security around individual devices for added defense. Gartner predicts that by 2024, organizations adopting a cybersecurity mesh architecture will reduce the financial impact of security incidents by an average of 90%.
A Zero Trust security framework added to a cybersecurity mesh takes data security to the next level. Originally created by John Kindervag at Forrester Research, Zero Trust takes an inside-out approach to designing network security. But Kindervag emphasizes that it’s not a matter of trusted versus untrusted. It’s about constantly assessing confidence that users are who they say they are and that your security processes and protocols are acting as expected.
With Zero Trust, all traffic within a corporate environment is assumed to be hostile until proven otherwise. Every request to access a system must be verified and validated, regardless of the requester’s IP address, purported identity, or type (human, device, service, etc.). If access privileges are granted, they must be the absolute minimum required to carry out the request. To maintain security, all traffic must be monitored continuously at the data packet level to quickly detect and block anomalous content and behavior.
Kindervag offers these four design principles for creating a successful Zero Trust framework:
When you’re ready to get started, Kindervag offers these guidelines for deploying a Zero Trust architecture:
Preventing cyberattacks isn’t easy. However, by designing your data security from the inside out, you can build a stronger defense and increase your cyber resilience. For more information visit our cyber resilience solutions page and stay tuned for my next blog, in which I’ll talk about how to design an effective cyber resilience strategy.
Jason is a business and marketing professional with over 20 years of product marketing, product management, and corporate finance experience. Since joining NetApp in 2008 he has been focused on SAN and NAS storage, backup and disaster recovery solutions, and cloud data services. When not in the office, you can find him cycling, cooking, enjoying time with family, and volunteering at his church and in the community.
Explore a wide range of open forums where you can post questions, share answers and just generally get smart on all the NetApp technologies that matter most to you.