Nowadays, data has become corporate lifeblood. As a result, executives focus on trying to find ways to leverage it for corporate advantage. However, as organizational reliance on data has grown, so has the need to protect it. Currently, many organizations are lagging behind in implementing strong data protection solutions, opening themselves up to possible breaches and meeting compliance regulations. One way they can close the gap is by designing their solutions to use a zero-trust security approach.
The rapid use of data has resulted in a growing number of regulations mandating that enterprises protect the information, which is applicable across many industry domains. Some of the relevant compliance standards when planning an enterprise solution are:
- The Health Insurance Portability and Accountability Act (HIPAA) of 1996 is “a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge.”
- General Data Protection Regulation (GDRP) is a set of privacy and security laws that outline obligations that organizations must follow if they collect data about individuals living in the European Union.
- California Consumer Privacy Act (CCPA) of 2018 provides consumers with control over the personal information that businesses collect about them.
- The National Institute of Standards and Technology (NIST) Cybersecurity Framework is a set of security guidelines based on existing standards and best practices that provide guidance, so government agencies ensure digital data privacy.
- The Center for Internet Security (CIS) Benchmarks are configuration baselines and best practices designed to secure computer systems that identify, develop, validate, promote and sustain cybersecurity best practices.
Corporations Struggle To Protect Confidential Data
However, the traditional way to protect confidential information is proving to be lax in many organizations for a few reasons. First, cybercrime has proved to be a large and thriving global business. Cybersecurity Ventures predicted that cybercrime would inflict damages totalling $6 trillion globally in 2021 and is expected to grow by 15% annually during the next five years, reaching $10.5 trillion in 2025.
Why are so many attacks successful? Legacy cybersecurity tools secure information at the network edge, the place where the user enters. There, organizations deployed solutions like firewalls that were designed to keep intruders out of the enterprise network. Once someone got past that security checkpoint, corporate systems usually assumed that that user was legitimate and often put few—sometimes, zero—additional security checks in place as they moved from system to system.
The flaws in that outlook became crystal clear through the years. Cybercriminals successfully breached systems at many of the world’s leading, most sophisticated organizations, including financial institutions and government agencies. They stole money, used personal information for identity theft and took intellectual property.
The Rise Of Zero-Trust Security Solutions
In response, interest in a new cybersecurity concept, zero trust, has emerged. NIST defines zero trust as “an evolving set of cybersecurity paradigms that move defences from static, network-based perimeters to focus on users, assets and resources.”
This approach does not focus security checks on the network perimeter. In fact, a big difference in this approach is that security is no longer a one-time check when a user enters the network. The resource assumes that a request for any resource may come from a nefarious source, regardless of whether it arises from a user inside or outside of the enterprise network.
Consequently, additional safeguards are enacted before users are granted access to any enterprise computing resource.
Deploying a zero-trust solution is a major undertaking that requires time, thought and effort. Forrester Inc. recommends that a company consider the following questions to start the process.
- What are the company’s most valuable assets?
- Which steps could they prioritize to better secure them?
- Who is currently invested in zero-trust at the company, including team members, stakeholders and leadership?
- Did we miss anyone who could help drive our zero-trust initiative forward?
- What could we prioritize to incite progress on slow-moving items?
- How can we replicate from areas where the organization excels?
Corporations then need to turn the answers into enterprise zero-trust architecture blueprints to understand what type of security solutions they need to deploy. Rather than focusing on point products, they must view security cohesively, take a layered approach to secure corporate and customer data and find solutions that work well together. Implementing zero trust requires establishing strong user identity, device health verification, validation of application health and secure, least-privilege access to corporate resources and services.
The process is complex, and many companies have trouble creating a strong framework. Methodologies abound; for example, Microsoft Corp. crafted a 12-step process to ensure zero trust. The work begins by choosing an identity management system and ends with continually training staff members, so they are aware of the latest threats and understand how to use tools to thwart them.
Zero-Trust Solutions Gain Traction
With zero trust, security checks are enacted whenever someone or something accesses a company resource or runs enterprise software. The idea is to ensure that only authorized individuals access those materials. With such solutions, businesses can not only improve their security profile but can also ensure that the organization complies with the growing number of data security regulations.
Because of the many potential benefits, the use of zero-trust solutions is growing. The global zero trust market revenue is expected to rise from $19.49 billion in 2020 to $69.85 billion in 2028, a CAGR of 17.2%.
Information has become a fundamental building block in many modern organizations. They collect more of it than ever before but struggle to protect it. Businesses need to examine their current security architecture and update it to a zero-trust architecture. The process starts with a thorough self-examination and ends with a comprehensive deployment plan. Only then can they protect their most vital corporate asset: information.
The post "Enterprises Need A Zero-Trust Security-Based Approach" was posted on Forbes authored by Vinette Aurora, CTO.