How to Fearlessly Implement Your Zero Trust Strategy
“Zero What?”
So what does Zero Trust mean? The term has been around for a long time. Remember The X-Files? Agent Mulder would always tell his colleagues, “Trust no one.” That pretty much sums it up. You don’t trust anyone who is trying to access the network or company resources. Period.
Zero Trust differs in many ways from our traditional view of trust. Think of it this way: we all have locks on our doors at home. We know that if we give our keys to someone, they can enter our house. But we may not know “who” is entering, since the keys could really be used by anyone. Now, what if we could only allow the keys to work if the person we explicitly gave them to showed up to use them? We use his/her “identity” to verify them before allowing the keys to work.
Under a simple two-factor authentication process, we would require them to have the keys and know a PIN or some other password in order to enter. We cannot validate or verify who the person really is, only that they had the keys and knew the PIN or password.
Under multi-factor authentication, we can begin to provide intelligent and biometric levels of authentication to augment the keys. For instance, now we may ask them for a fingerprint or face ID (like on an iPhone) in addition to a PIN or password.
This allows us to know that the “identity” of the person entering our home has been validated and we won’t be disappointed later to find a stranger has eaten all of our snacks.
“I’m doomed.”
“Hmm. This sounds more complicated.” Well, you are not wrong. In a way, it is more complex. For instance, now a user must use an authenticator app, password and/or biometric data to access resources.
So how is this better? It provides an extra layer of protection and complexity to foil hackers. Unfortunately, sometimes what foils hackers can also create unintended difficulty for our users and adversely impact productivity. “They will tar and feather me!” Not so fast….
We learn from our mistakes.
We can agree that making access more difficult for hackers is good, but it can be detrimental to our users’ mental health. So how do we simplify it? The good news is that companies like Microsoft have taken the bull by the horns to help ease this burden and keep the tar and feathers where they should be.
Using technologies like Azure AD (Active Directory), users can begin to enjoy an easier way of signing on each day. Password-less entry removes some complexity, as does single sign-on. This makes it as easy as “being you” and still accessing what you need. The use of a biometric factor means that “you” become the complex password in the equation. Super easy, right?
In addition, with single sign-on (SSO) implemented, the user merely needs to log in once, and his/her credentials follow them while using resources and applications.
Zero Trust Principles
“I’m not optimistic”…GOOD!
Zero Trust doesn’t leave any room for optimism. We don’t trust you unless you show us who you are. We won’t allow you to have access to anything above what you need, and we are assuming you don’t really belong there in the first place.
With these simple principles, you will have a solid foundation for implementing a cyber-security program within your organization.
Adopting a Zero Trust mindset can be tricky and counter-intuitive. Just keep in mind that you can be the pessimist, while offering your users a meaningful way to participate and reduce their burden. There are a few additional benefits to Zero Trust as well.
Anytime. Anywhere.
Many organizations are still using VPNs to manage connections to network resources. One side benefit of Zero Trust is that these cumbersome, archaic VPN connections are no longer needed or recommended. Think about it. You establish a VPN, but do you really know who is at the other end? Then why are you trusting the connection?
With Zero Trust, you can allow the users to have the freedom to connect without restriction because you are validating their identity, not just the tunnel or device they are using.
Okay, Maybe Be A Little Optimistic
In short, there are numerous reasons to adopt a Zero Trust framework. Many involve providing greater freedom to the end users and simplifying the overall user experience for access while creating stronger security.
So, stop worrying about getting tarred and feathered. Take a gander at the following articles to get acclimated. If you want to talk this over with some really nice people, give eGroup a call. We would be happy to assist.
To learn more about Zero Trust and password-less login, use these links:
Microsoft Zero Trust Framework
Work with our team of Cloud Computing Consultants who have “been there done that” multiple times to know all of the “minefields” to prevent missteps.
Security Solutions Advisor - eGroup