Trusting zero trust

Andy Horn, CEO, IntraLAN, explains why MSPs should prioritise enabling customers to adopt a zero trust cybersecurity model.

The security of our corporate networks has never been more at risk. The complexity of infrastructure serving not just offices but hybrid locations and remote workers, together with the permanent adoption of BYOD and BYOPC models, renders organisations vulnerable to attack.

Networks are now accessed by multiple devices, from multiple sites, on-premises and in the cloud, and it is becoming increasingly challenging to ensure that every access point and user account is secure.

This is why the concept of zero trust network management is gaining popularity. 

Trusting zero trust 

Protecting access to data means understanding how it flows across the network, its importance, and monitoring the activities and permissions that surround it. Instead of securing networks and applications, a zero trust approach creates user and device perimeter policies, erecting a wall that permits access only to what users need, enabling the network to be protected at scale. 

Adopting zero trust means moving away from the manual orchestration of security for which most organisations have little time or resources. The process of monitoring and altering servers, clients, devices and routers, and creating rules for every system and application is unfeasible.   

Instead, the most sensitive data assets, where and how they are stored and accessed, and the key security vulnerabilities they face should be assessed. This helps to identify the micro perimeter and helps create a programme that puts robust security controls in place.   

The idea of implementing zero trust can be daunting for some organisations with concerns about the demands it will make on security and IT teams already under pressure. Others may feel that they simply don’t have the resources or the in-house cybersecurity skills to manage the process themselves. This is where using a managed services provider (MSP) can help.  

Managing zero trust  

The most obvious benefit of a partner that specialises in zero trust network management is that they bring a wealth of knowledge, not just in how the model can be implemented from a practical perspective, but in how the organisation’s improved security posture will positively influence its business outcomes.  

MSPs draw on their experience to specify and implement the right zero trust architecture and a cybersecurity regime that will meet the particular requirements of that organisation. They ensure that regulations are observed, business continuity is maintained, and downtime is kept to a minimum.   

While different MSPs take different approaches, fundamental to success is a tightly integrated security platform. This should integrate with the organisation’s existing IT, networking and cybersecurity infrastructure to observe and gather vital information about the flow of data across the network.  

Understanding this allows the micro perimeter policies that control user and device access to be automatically created. This autonomous approach is seamless and scalable, giving organisations confidence that their systems and data are fully protected. 

Zero access equals zero risk 

The ultimate goal is to eliminate trust and enable improved security; however, zero trust models are not built overnight.

User behaviour, application usage and risk are monitored constantly so adjustments can be made to ensure critical data, assets and services are available without exposing them to attacks. Some platforms implemented by MSPs, for example, will allow users to gain additional access to the resources they need on occasion, using multi-factor authentication. This means that a user will need to provide more than just their password, and usually involves a two-factor authentication process, such as entering a code sent to their mobile phone.   

As well as managing user access, a zero trust system will also prioritise one of the biggest threats to the network – unmanaged devices. The system will implement strict controls, monitoring every device, regardless of its location as it tries to access the network, enabling only those that have been authorised as secure.  

Organisations grappling with rapid innovation and a constantly moving workplace environment seek the reassurance of protection for their networks, solutions and data.  

Adopting a zero trust model and, more importantly, putting its implementation and management into the hands of experts, removes the burden from internal resources. This ensures that security policies are constantly monitored and updated, allowing the business to enhance its security posture and protect one of its most valuable assets – its data.