Zero trust is a set of security principles outlined to protect your data
Why would we care?
Let us rewind back to Friday 12th May 2017. The NHS was one of many businesses affected by a ransomware attack. This caused the NHS to be at a standstill for several days with thousands of hospitals and GPs affected. As a result of this, thousands of appointments were cancelled along with emergency patients being relocated. Key services affected included ambulance dispatch, mental health services, patient referrals, emergency prescriptions – the list is endless. Could something like this have been prevented if zero trust principles were incorporated?
Why is it important?
Zero trust can protect your organisation. It stops malware from entering your network and reduces risk with remote working. For example, issues could arise from your device being on an unsecured home network. It reduces complexity with different cybersecurity tools and lowers costs for your company.
On top of this, the implementation of zero trust doesn’t need to be from scratch as it can be a seamless process helped by first identifying specific applications before then utilising your own cloud provider’s zero trust policy resources, such as policy enforcement or multi-factor authentication. Regardless of the cloud provider, the journey to start using these tools can be easy with costs kept to a minimum. If the NHS had followed zero trust principles, the disastrous effects of the ransomware attack could have been avoided.
Process and Impact
Securing sensitive data is a number one priority for many businesses. Therefore, implementing zero trust will make sure only those who are authenticated and authorised have access to the resources they need and at a time they need it. These can be enforced by the likes of privileged identity management and multi-factor authentication. Businesses should continuously be validating the identity of users or entities whilst also ensuring that the protection of stored data is encrypted. This will prevent data being exposed and used by unauthorised parties.
As we move to remote working and hybrid cloud, it is not an easy thing to set up what we would define as a network perimeter. We don’t want to give too much access but at the same time we don’t want to restrict the access so much that employees can’t do their work efficiently. Therefore, by implementing zero trust, no matter where someone is, they would securely be able to access the resources they need to.
Within a zero trust architecture, monitoring will become the key focus for users, devices and resources. This includes the way you can collect analytics and analyse your network, user behaviour and times that the data is accessed, plus the locations that the data is accessed. As you analyse this data, this will give you greater visibility over your estate and monitoring can flag any abnormal behaviour which can be dealt with by enforcing policies.
What will happen if I don’t use it?
What were the disastrous effects on the NHS? The Department of Health and Social Care reported that it estimated around £20 million was lost during the attack followed by another £72 million from the IT support to restore data and systems. This also affected people’s ability to seek medical treatment at the right time. If you don’t follow zero trust principles, private data could be accessed or stolen, increasing costs for your organisation, whether that be through restoring compromised systems or increasing cybersecurity tools used. In addition to this the reputation of your company and the trust that clients have towards your company would suffer.
What can GFT do?
Here at GFT, we have a range of different engineers across different cloud providers who can offer their skills for businesses to adopt zero trust. We can be there from the beginning of the journey by firstly helping you identify your most sensitive data. We can then continue to help with the deployment of zero trust resources to protect your data, also making sure that the right tools are in place for monitoring your cloud estate so that you have the upmost confidence your data is safe and protected.