What We’ve Learned About IT Security from Past Network Breaches

Ryan Benator, Chief Architect at ivision April 18, 2022

With the rise of cloud connectivity and the remote workforce, the perimeter of enterprise organizations has greatly expanded. We’ve moved on from an original perimeter of endpoints, on-site users, servers, applications and data centers to a new identity perimeter that includes vendors and contractors, personal and mobile devices, remote employees and cloud infrastructure and applications.

This has made it increasingly difficult for security and IT teams to verify user identities. What is now needed for authentication protection is the adoption of a Zero Trust security model.

What Is Zero Trust?

Zero Trust entails a shift from traditional network defenses to a more comprehensive model that requires all users, no matter their location, to establish device and user trust with every access attempt before they are granted access to any application. Thankfully, taking a Zero Trust approach doesn’t require a complete reimagining of your network infrastructure.

A successful Zero Trust solution should layer on top of your ecosystem, including your hybrid environments. The focus is to put more controls around identity for access to the new perimeter, ensuring only the right users and secure devices can gain access. Zero Trust measures also secure all connections within applications and across multicloud environments and secure device connections across the network and between IoT devices. So where does your organization begin?

Establish User Trust

The first step toward architecting Zero Trust for your workforce is verifying user identities as soon as they log in to your cloud or on-premises work applications, services or platforms. Start this process by implementing a scalable, frictionless, multifactor authentication (MFA) solution.

Your organization’s MFA needs to eliminate the threat of attacks stemming from compromised credentials by providing flexible authentication options that fit a broad range of users, security profiles, and technical backgrounds that include employees, frequent travelers, contractors, vendors, customers, partners and more.

The MFA solution should allow administrators to customize and enforce which authentication methods can be used based on security level, from standard access to high-risk applications. These methods can range from easy-to-use mobile push notifications to phishing-resistant U2F security keys and biometric-based web authentication.

For ease of administration, choose a cloud-based MFA solution that requires minimal infrastructure and staff. This will help reduce the burden on your organization’s IT personnel. Also, look for features such as auto-enrollment, administrative APIs for scalable user provisioning, and options to synchronize users from existing directories such as Active Directory and Azure AD.

Gain Visibility into User Devices

Your MFA solution will need to provide insight into what devices are connecting to your organization’s applications and data and show visibility across every type of platform. This will include all desktops, laptops and mobile devices, whether they are corporate property or personally owned.

Platforms also include all operating systems like Mac, Android and Windows; browsers such as Chrome, Firefox and Edge; and plugins like Java and Flash. Your organization can reduce the need to access different data systems by implementing one centralized dashboard to give your administrators oversight across every platform.

Establish Device Trust

To establish device trust, administrators need visibility into user and device risks. At login, your security solution should check the security health of every device attempting to access the network and applications, and inspect and control access from both mobile and personally owned devices.

Your security solution will also have to consider BYOD (Bring Your Own Device). These devices can be tricky, as they may not meet desired security requirements or they may be running old software versions that are prone to vulnerabilities. However, a comprehensive device visibility solution should readily identify whether certain security features are enabled or disabled, as well as the device’s security posture.

Keep in mind that many compliance regulations and auditors require user activity and device security logs and reports. Your organization’s device visibility solution should give administrators access to detailed reports on user behavior and risky devices, with insight into authentications, users, administrators, policies and more.

Enforce Adaptive Policies

By leveraging the visibility of devices connecting to your applications, your administrators should be able to establish device-based contextual access policies to help prevent any risky or untrusted devices from accessing your applications.

These policies should evaluate risk based on attributes such as location, user role and device type, providing dynamic control over who and what can access certain applications, including allowing only the minimum amount of access required for the task at hand.

Contextual access policies also need to balance security with usability. Your organization should be able to enforce policies that grant a higher level of access to administrators and privileged users while ensuring only developers have access to production environments and cloud infrastructure.
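The device-health checks and contextual policies described in the two sections above can be expressed as a small decision function. The following is an added example, not code from ivision or any MFA vendor; the device attributes, application names, role and country values and MFA method names are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed minimum OS versions per platform (hypothetical values).
MIN_OS = {"windows": (10, 0), "macos": (12, 0), "android": (11, 0), "ios": (15, 0)}

@dataclass
class Device:
    os: str
    os_version: tuple      # e.g. (13, 2), compared against MIN_OS
    disk_encrypted: bool
    screen_lock: bool
    corporate_owned: bool  # False means BYOD

@dataclass
class Request:
    user: str
    role: str
    country: str
    app: str
    mfa_method: str        # "none", "push" or "u2f" (constructed names)
    device: Device

# Per-application policy: required MFA strength, allowed roles/countries,
# and whether only corporate-owned devices may connect (None = no restriction).
APP_POLICY = {
    "wiki":       {"min_mfa": "push", "roles": None, "countries": None, "corp_only": False},
    "prod-cloud": {"min_mfa": "u2f", "roles": {"developer"}, "countries": {"US"}, "corp_only": True},
}
MFA_RANK = {"none": 0, "push": 1, "u2f": 2}

def device_posture_issues(d: Device) -> list:
    """Return the list of health problems found on the device (empty = healthy)."""
    issues = []
    floor = MIN_OS.get(d.os)
    if floor is None or d.os_version < floor:
        issues.append("outdated-or-unknown-os")
    if not d.disk_encrypted:
        issues.append("disk-not-encrypted")
    if not d.screen_lock:
        issues.append("no-screen-lock")
    return issues

def evaluate(req: Request) -> dict:
    """Deny on posture/role/location/ownership failures, step up when MFA is too weak, else allow."""
    policy = APP_POLICY[req.app]
    reasons = device_posture_issues(req.device)
    if policy["roles"] and req.role not in policy["roles"]:
        reasons.append("role-not-permitted")
    if policy["countries"] and req.country not in policy["countries"]:
        reasons.append("location-not-permitted")
    if policy["corp_only"] and not req.device.corporate_owned:
        reasons.append("byod-not-permitted")
    if reasons:
        return {"decision": "deny", "reasons": reasons}
    if MFA_RANK[req.mfa_method] < MFA_RANK[policy["min_mfa"]]:
        return {"decision": "step-up", "reasons": ["require-" + policy["min_mfa"]]}
    return {"decision": "allow", "reasons": []}
```

Every denial carries the full list of reasons so the same record can feed the user-behavior and risky-device reports that auditors ask for.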

Enable Secure Access to All Apps and Environments

Can you give your users a secure and consistent login experience for both on-premises and cloud applications? When you enable secure access to all applications, users get a consistent login experience with centralized access to both on-premises and cloud locations through secure single sign-on (SSO). This includes cloud apps like Google, Box, Dropbox, Slack, Office 365 and more.

Extend SSO to applications by using MFA to separate the user's primary authentication method from the secondary method. Moving away from dependence on a single authentication provider helps avoid vendor-based breaches that could expose both methods of authentication at once.

Also, ensure secure access to remote locations: multicloud environments such as AWS, Azure and Google Cloud Platform; infrastructure and DevOps environments; internal Linux servers; HTTPS web applications; SSH servers; and virtual private networks (VPNs).