Zero Trust Cybersecurity

Today’s bad actors don’t see barriers; they see opportunity. As the old firewalls protecting the corporate network become obsolete amid the rush to adopt a hybrid workspace, implementing Zero Trust security has become essential to all businesses. Zero Trust cybersecurity is a ‘deny by default’ policy: nothing is trusted UNTIL it’s approved. When a user goes to install a new program, it will be denied if it hasn’t been previously approved. While this seems like a burden to the end user, the software we use has a sophisticated ‘learning mode’ that we enable for a few weeks before turning on full enforcement. This lets the Zero Trust app learn what ‘normal’ work looks like and allows us to verify and pre-approve 95% of what a user does before we ever turn on enforcement.

This might have you asking, ‘Is it necessary to deny by default? Can’t we just trust our users to make good choices?’ While we would love to say yes, the truth is that we can all make bad decisions when we are in a hurry, tired, stressed, or when some other outside influence has us not thinking straight. The reason the NSA says pretty much all companies have been hacked is that the bad guys are good at social engineering and at getting users to click bad links. Implementing Zero Trust cybersecurity is the BEST way we have to fight off hackers and bad actors today.

Let’s walk through what a typical Zero Trust cybersecurity deployment looks like:

1. Learning – The Zero Trust cybersecurity application is installed on all computers and servers in your company and placed into learning mode. While in learning mode, the application records which programs are run on a daily basis. All of this data is securely collected so we can review the applications that are running and then create approval rules for the programs that everyone in the office needs to do their jobs.

2. Approval – Next, we review all the ‘learned’ data and create rules to approve the applications. We can also create special escalation rules to further minimize impact. For example, an escalation rule can approve all QuickBooks updates that follow certain rules, have trusted certificates, etc. This allows the user to run updates without intervention from our team, streamlining the day-to-day workflow.

3. Enforcement – Once we are confident we have learned and approved 95% or more of the ‘day to day’, we put all the Zero Trust cybersecurity agents into ‘protect’ mode. This turns on the deny by default rules, so only what we have explicitly approved can run or be installed. We then monitor tickets for any requests that come up and quickly approve them and create rules when needed. Typically, there are very few requests. For example, the last time we put over 250 agents into protect mode, we had fewer than a dozen requests during the first week (and all of those were approved within a couple of hours of the request).

4. Lock It DOWN even more – The product we use for Zero Trust cybersecurity allows us to ‘fence’ in applications. This means we can restrict the QuickBooks file so that it can only be accessed by QuickBooks and not by other applications. We can also lock down tools that hackers use, like PowerShell and the command prompt, and restrict their access to ONLY what is required for you to do your work. By restricting the access of legitimate programs, we make it much harder for a hacker to move around your network and significantly improve your cybersecurity posture.
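
The four stages above, sketched as a small model of an allowlisting agent. This is an added example, not the vendor's code or API: the `Rule` and `Agent` classes, the file paths, program names and signer string are all constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class Rule:
    path_prefix: str               # install location the binary must run from
    signer: Optional[str] = None   # required code-signing subject, if any

@dataclass
class Agent:
    mode: str = "learning"                        # "learning" or "protect"
    rules: list = field(default_factory=list)     # approved applications
    fences: dict = field(default_factory=dict)    # file suffix -> programs allowed to open it
    learned: set = field(default_factory=set)     # observations for analyst review
    tickets: list = field(default_factory=list)   # blocked runs awaiting approval

    def approved(self, path, signer):
        return any(path.lower().startswith(r.path_prefix.lower())
                   and r.signer in (None, signer) for r in self.rules)

    def on_execute(self, path, signer=None):
        if self.approved(path, signer):
            return "allow"
        if self.mode == "learning":               # observe only, never block
            self.learned.add((path, signer))
            return "allow"
        self.tickets.append((path, signer))       # deny by default
        return "deny"

    def on_file_open(self, program, file_path):
        for suffix, allowed in self.fences.items():
            if file_path.lower().endswith(suffix) and program.lower() not in allowed:
                return "deny"
        return "allow"

# Constructed sample data: paths, program names and signer are illustrative.
QB = r"C:\Program Files\Intuit\QuickBooks\qb.exe"
UPDATE = r"C:\Program Files\Intuit\QuickBooks\qb_update.exe"
DOWNLOAD = r"C:\Users\pat\Downloads\invoice_viewer.exe"

def run_demo():
    agent = Agent()
    learning = [agent.on_execute(QB, "Intuit Inc."), agent.on_execute(DOWNLOAD)]
    # Approval: the analyst reviews agent.learned and approves only the signed app.
    agent.rules.append(Rule("C:\\Program Files\\Intuit\\", "Intuit Inc."))
    agent.fences[".qbw"] = {"qb.exe"}
    agent.mode = "protect"
    protect = [agent.on_execute(QB, "Intuit Inc."), agent.on_execute(DOWNLOAD)]
    update = agent.on_execute(UPDATE, "Intuit Inc.")  # never seen, matches the rule
    fence = [agent.on_file_open(n, r"D:\Books\co.qbw") for n in ("qb.exe", "powershell.exe")]
    return learning, protect, update, fence, agent.tickets
```

In learning mode both programs run and are only recorded. In protect mode the unsigned download is denied and becomes a ticket, the never-before-seen updater runs because it matches the signer-plus-path rule, and PowerShell is refused access to the fenced company file.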

How important is Zero Trust to the future of cybersecurity? Well, back in February 2022, CISA (the Cybersecurity and Infrastructure Security Agency) released guidance advising everyone that Zero Trust is the future of cybersecurity and urging companies to deploy it. Zero Trust is one of the major tools to get ahead of hackers instead of just playing defense.

Looking for better cybersecurity for your business? Check out our Cybercare services to help secure your business.