7 Zero Trust best practices for 2022
Discover how Fortune 500 companies are approaching Zero Trust. In this guide, get trending, strategic and practical information. See Zero Trust best practices that can help you achieve a stronger cyber security posture and keep your users, devices, systems and networks safe ’round the clock, from anywhere.
Over 70% of organizations have either adopted Zero Trust, or plan to in the near future. Zero Trust now represents a key security priority, and effective implementation is a must for this security model.
Table of contents
What is Zero Trust?
More flexibility, better security, less budget required – it all sounds good. But what is Zero Trust, really?
Zero Trust is a cyber security principle that refers to authenticating user identities. It’s the digital equivalent of checking IDs, and requiring coronavirus rapid testing at the door; preventing unnecessary access, especially if there are infections.
It’s a context-aware analysis and verification of trust designed to prevent adverse outcomes. When applied correctly, the principle of zero trust ultimately reduces implicit cyber security risk.
Zero Trust is built upon several fundamental concepts. These include:
- Authentication and authorization of every user, device and network flow
- The network should always be presumed hostile
- Recognition of the need for dynamic policies
- An understanding of the fact that external and internal threats can reside on a network 24/7
Among other key principles.
Around the world, organizations are shifting to a Zero Trust approach. No user, device or network is to be trusted by default. Not outside of the security perimeter. And not inside of the security perimeter.
However, reconfiguring a security framework and apparatus to accommodate Zero Trust can be a complex and convoluted process, resulting in security gaps. Consider working with a cyber security vendor. In addition, or as part of an alternative approach, read through the Zero Trust best practices outlined below.
1. An initial security assessment. A not-to-be-missed Zero Trust best practice consists of first understanding your overall security risk. Know your organization’s attack surfaces, weaknesses and high-value hacker targets.
As part of this security assessment step, be sure to review credential access across your organization. Review and remove old or unused accounts. For remaining accounts, see to it that privileges are necessary and that they pertain to current users.
Do a seek-n’-find for gaps within the existing security infrastructure. Take care to address gaps before moving ahead with other plans.
2. Data transparency. The next Zero Trust best practice pertains to data management. Map out where your data is located. Determine who needs access to it. Leverage passwordless authentication to further secure the network. Limit data access to necessary processes, persons, systems…etc.
3. Strong device identities. Developing strong device identities is critical when it comes to Zero Trust best practices. Device identity represents the basis for authentication, authorization and other security mechanisms. Device identity has to be strong.
To advance your device identity protocols, attach identity to a device – not a user. In so doing, ensure that devices remain identifiable in the absence of a network connection or if they remain behind a NAT device.
– Networks need to verify devices. A device should not be able to claim multiple identities or identity modalities that could cause confusion.
– Device identities must remain consistent, even if the physical hardware is replaced or repurposed.
– IT admins need controls that enable them to check on whether a devices is still in use or whether it has been decommissioned.
– A device needs the ability to prove its identity when connecting from different networks, including public networks.
4. Secure communication channel. The next Zero Trust best practice involves ensuring that communication channels within Zero Trust architecture are secure and trusted. Administrators must apply safeguards that prevent eavesdropping, message modification and other threats.
Communication channels between devices need to prove integrity and authenticity of communications exchanged therein. Communication channels may also need to support:
- Safeguards that prevent denial of service (DoS) attacks
- Authorization of user requests
- Authorization of devices
- Time-controlled access related to the time of day or a users’ typical location
5. Network segmentation. An ultimate Zero Trust best practice includes use of network segmentation. This helps protect data and services from untrusted or unintentional access.
When focused on network segmentation, leverage VLANs, firewalls, IDS/IPS and other security controls. These security controls should function to protect resources from external and internal threats.
6. Multi-factor authentication. Data leaks, password spraying and plain old credential theft make multi-factor authentication essential. Experts recommend multi-factor authentication regardless of the user. Whether it’s a privileged end user, a partner or a customer, organizations ideally want to have multiple verification layers. In circumstances where users need to access sensitive data, multi-factor authentication represents an elemental Zero Trust best practice.
7. Automation and orchestration. Eliminate time-consuming and error-prone manual work. Adopt automation and orchestration capabilities.
Here’s how to reduce the security admin workload:
- Convert repetitive security tasks into customized workflows that are automatically executed. Ensure that they are scheduled and event-driven.
- Delegate policy management to relevant centralized management groups or departments to reduce unnecessary communication and coordination.
- Ensure dynamic linking of objects in the security policy to external object stores (Microsoft Active Directory or Cisco ISE) in order to free up staff time and to decrease human-error type mistakes.
Automate incident detection and remediation.
- Integrate security controls with the SIEM system in a way that offers robust insights into security incidents. Ensure that the integration goes both ways. So after the SIEM performs analysis, it should be able to trigger policy changes or provide indications of compromise for enforcement purposes.
Leverage APIs to integrate with the ecosystem.
- Leverage the APIs of security solutions and products to integrate into systems. These systems include: SIEM, network management, identity awareness, compliance testing and auditing, ticket and workflow management.
Cyber criminals retain access to broader attack surfaces and a greater number of entry points than ever before. After cyber criminals enter systems, they can pinch sensitive and valuable data for months ahead of detection. In most cases, it takes six months to zero in on a data breach.
Application of Zero Trust best practices can empower any organization to achieve a stronger security posture and can advance protection of critical resources; from personnel, to platforms, to products to intellectual property. It is time for a new security paradigm.
- Zero Trust Network Architecture – Buyer’s Guide
- Understanding a particular Zero Trust journey from the lens of a CISO at an American healthcare payer – Here
- Actionable Zero Trust info to help you actualize a better security strategy – Here
- Zero Trust Network Architecture in the new normal – News
- 7 key considerations: Zero Trust Network Architecture – Article insights
Did you enjoy this best practices for zero trust security article? To receive more timely cyber security best practices, news, reports and analyses, please sign up for the cybertalk.org newsletter.