Jan-Feb-Mar 2021
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
SECURITYUPDATE<br />
ZERO TRUST<br />
VED SEN, DIGITAL EVANGELIST, TCS, EXPLAINS HOW<br />
MODERNISING OUR APPROACH TO CYBERSECURITY CAN<br />
ALSO EMPOWER BUSINESS GROWTH<br />
The risk of cyberattacks has increased<br />
steadily in recent years but the<br />
COVID-19 pandemic has made<br />
these threats even more of a reality. With<br />
65% of employees around the world<br />
working from home, according to a new<br />
study from Tata Consultancy Services, and<br />
40% expected to continue to do so in<br />
2025, it is unsurprising that cybersecurity<br />
is top of mind for companies of all sizes.<br />
This change in how businesses are<br />
operating has opened the door to<br />
opportunistic cybercriminals, who are<br />
seizing the opportunity created by the<br />
global crisis. From COVID-related<br />
phishing schemes to Remote Desktop<br />
Protocol attacks, which have soared by<br />
140% in Q3, cybercriminals now have far<br />
easier access to company networks. This<br />
means having a strong VPN is no longer<br />
enough to keep your organisation safe.<br />
The traditional approach to cybersecurity<br />
tends to focus solely on external threats,<br />
with IT teams using firewalls to secure the<br />
network perimeter. However, if this<br />
perimeter is breached, the entire network<br />
is put at risk, which can lead to<br />
unimaginable losses.<br />
Companies are now facing newer, more<br />
sophisticated and pervasive threats, which<br />
if left unaddressed could result in<br />
shutdowns across entire industries. It is<br />
therefore essential that businesses turn<br />
their focus away from simply ensuring<br />
compliance and following the outdated<br />
philosophy of "trust but verify", as this only<br />
goes as far as securing the network<br />
perimeter. For a truly robust stance on<br />
cybersecurity, organisations must close as<br />
many loopholes as possible - whether<br />
external or internal - so no opportunistic<br />
criminal can exploit the network.<br />
At the same time, the challenge for<br />
cybersecurity is that while nobody<br />
disagrees with the need for the best<br />
possible security model, it is often seen<br />
across business as an onerous and often<br />
over-engineered impediment to getting<br />
work done on a day to day basis. It is<br />
absolutely critical for cybersecurity teams<br />
to work closely with businesses to<br />
understand their needs and to build<br />
context aware models that actually enable<br />
work. Cybersecurity can and should<br />
improve the employee experience.<br />
A more resilient model equal to today's<br />
challenges begins with the premise of<br />
"never trust, always verify". A Zero Trust<br />
Security Model enables cybersecurity to<br />
become more adaptable to emerging<br />
threats and changing access needs. It also<br />
takes into consideration the context of<br />
requests for any protected resource. It can<br />
detect threats in real time and take<br />
immediate action to protect an<br />
enterprise's data, devices and operations<br />
in ways reused passwords and VPNs no<br />
longer can.<br />
Zero trust relies on eight core principles<br />
and associated technologies:<br />
1. Never trust. Always verify<br />
Today, nearly all work takes place in a<br />
networked environment. Where systems and<br />
resources are spread across the cloud and<br />
can be accessed in any way via any smart<br />
device, no single security check can suffice<br />
for overall security. Instead, the secure<br />
approach requires validation for any<br />
identity before access can be permitted.<br />
2. Purpose-driven access<br />
Earlier methods, such as a "one-time<br />
password" sent to an email address via<br />
internet protocols, no longer suffice; they<br />
are too prone to compromise. Instead,<br />
access must be contextual and timebound<br />
to deliver required business<br />
outcomes. Password-less multifactor<br />
authentication (MFA) is both more secure<br />
and faster for users.<br />
3. Continuous risk-discovery, real-time<br />
treatment<br />
A "find to fix" approach should replace the<br />
long cycles of audit, testing and<br />
14 NETWORKcomputing JANUARY/FEBRUARY <strong>2021</strong> @NCMagAndAwards<br />
WWW.NETWORKCOMPUTING.CO.UK