Much of the plot of the recent film Uncharted, based upon the video game franchise of the same name, revolves around the level of zero trust that the central characters have in each other.
The plot involves a couple of treasure hunters setting out on an adventure across the globe to find Magellan’s lost gold, in a race against time, before it is found by a corrupt billionaire and his mercenaries. Given the billions of dollars in gold at stake for the finder, it is hardly surprising that the film involves many scenes of double cross, lies and deceit and constant warnings not to trust anyone, and this from players on the same side.
In other words ‘Zero Trust’.
It’s a term that has permeated the latest IT vocabulary these past few months and may even have piqued your curiosity enough for you to investigate what it means. Do you need to buy the latest Zero Trust solution? Is your organisation fully protected with Zero Trust?
Well, the thing about Zero Trust is that it doesn’t actually exist as a physical entity – it’s best described as a framework or a state of mind.
Zero Trust is a security approach that seeks to rectify the issues of traditional perimeter security environments. It simply prescribes security at the resource access level, no matter where the resources live or how they’re accessed. In essence, Zero Trust assumes that ‘an enemy within’ already has access to the network layer, rather than focusing all the defences on the perimeter.
The reality of today’s security landscape is that cyber-attacks are on the rise, and that eventually an organisation’s perimeter will be breached. In many high-profile ransomware cases over recent months, it has been the lowly email phishing scam, unwittingly opened and actioned, that has led to catastrophic system failures.
With working from home or remotely the new norm, the ability to protect all unmanaged endpoints becomes critical, and this is where Zero Trust is the best means of protecting an organisation from today’s cyber threats.
The starting point for implementing any Zero Trust strategy is visibility or simply put – an audit. Organisations need to understand where the areas of high risk are and prioritise their responses and actions. From here, organisations should then limit access proactively – either starting with mission-critical assets or protecting larger scale environments – to contain threats and effectively minimize business impact post-breach.
The goal is to give “the right people the right access at the right time”, based on the premise that no person or device anywhere can have access until safety and integrity are proven.
People are key. Training is key. Awareness is key.
For organisations looking to roll out Zero Trust there is no simple solution. As stated previously, there is no ‘Zero Trust in a box’ or silver bullet product. It’s complex, time-consuming and requires buy-in – both in terms of budget and resources – but it doesn’t need to be an uphill climb.
It will involve multiple components and typically a ragbag mix of legacy, refreshed and new solutions, all being finessed into a single architecture. Utilising cyber security experts such as vXtream to help with the process of implementing a Zero Trust strategy can help, particularly if you are using hybrid cloud and complex storage solutions.
But it’s worth starting now: the risk of delay is too high.
As Victor Sullivan, a lead character from the film, states: “There’s only one rule in this game, kid. Don’t get caught.”