Zero Trust

The need for organizations to recalibrate and reprioritize their Zero Trust efforts has been abundantly clear for years, and recent vulnerabilities like those with Microsoft Exchange and Google Chrome have further magnified the need for improvement. However, the conversations surrounding how to mitigate these threats and adopt a framework of actual Zero Trust have become increasingly oversaturated.

Rather than throwing around industry buzzwords and "talking the talk," the cybersecurity community must understand that the luck they’ve encountered playing one of security’s most dangerous zero day games is likely to run out in short order. Instead, they must focus their efforts on "walking the walk" by implementing a model of Zero Trust. Thanks to a recent industry survey and accompanying report, there are a handful of trends that are already in motion as organizations and cybersecurity professionals alike work towards adopting a true Zero Trust environment.

Protecting legacy systems usually means segmenting them from points of compromise in the network. But the traditional approach using a legacy firewall for each machine is ineffective and costly.

Microsegmentation specialist Guardicore is announcing new capabilities for its Guardicore Centra product extending zero trust policies and granular microsegmentation to legacy systems including IBM iSeries AS/400 servers.

As enterprises move more data to the cloud and grant higher levels of third party access, attackers are increasingly targeting non-traditional user populations that may not be adequately protected.

But a new survey of CISOs from identity specialist CyberArk shows that security teams are shifting to zero trust in response to these changing attack patterns.

A new report from Akamai looks at the technology shifts and usage patterns of 2020 noting a 30 percent jump in internet traffic thanks to COVID-19 lockdowns.

It also highlights criminals taking advantage worldwide, targeting all business sectors and industries, including information technology and security.

When the coronavirus first appeared, organizations everywhere were forced to accelerate digital transformations to comply with stay-at-home orders and maintain business continuity. Now, thanks to the heroic efforts of IT and security teams to adapt to new challenges, we have a luxury we didn’t just over a year ago: time.

Today we can proactively think through new technologies and make long-term, strategic decisions about how they affect organizational strategy. And one of the most valuable ways that security pros can get ahead of the next challenge is by thinking through and scaling up their organization’s zero-trust mentality. Let’s look at what we mean by 'zero trust' and some tips for implementing it effectively:

We've already looked at the possible cybercrime landscape for 2021, but what about the other side of the coin? How are businesses going to set about ensuring they are properly protected next year?

Josh Bregman, COO of CyGlass thinks security needs to put people first, "2020 has been incredibly stressful. Organizations should therefore look to put people first in 2021. Cybersecurity teams are especially stressed. They've been tasked with securing a changing environment where more people than ever before are working remotely. They've also faced new threats as cyber criminals have looked to take advantage of the pandemic: whether through phishing attacks or exploiting weaknesses in corporate infrastructure. Being proactive, encouraging good cyber hygiene and executing a well thought out cyber program will go a long way towards promoting a peaceful and productive 2021, not least because it will build resiliency."

The idea of commuting to an office space for work increasingly feels like an outdated approach, especially as we are months into stay-at-home orders amid COVID-19. However, not long ago, some businesses were resistant to the idea of remote work, citing fears such as reduced employee output.

Fortunately, as organizations across all industries were forced to rapidly support remote work, many have been pleasantly surprised by continued, high levels of employee productivity, putting previous fears about diminished output to rest. Unfortunately, many organizations are still fumbling to put security infrastructure in place that enables remote work productivity without compromising security. In fact, 33 percent of organizations were not sufficiently prepared to support remote operations at the beginning of the pandemic, and many IT teams have been finding that they are in need of meaningful changes.

After 2020 managed to turn most of the world on its head, making predictions for 2021 might seem to be a bit risky. Plenty of industry experts have been doing so, however, which means that it's time for our usual seasonal round ups of what you can expect to see from the technology world next year.

One of the biggest impacts of 2020's pandemic has been on networks as more people than ever have switched to remote work. Let's have a look at how the industry thinks this will play out in 2021.

Securing enterprise networks has always been a challenge, but 2020 and the shift to remote working has made it even more so.

Fortunately secure SD-WAN technology can help businesses to deal with the new landscape as well as reducing costs and making strong security accessible to more organizations. We spoke to Mike Wood CMO of Versa Networks to find out more.

The move towards zero trust has been one of the big security stories of 2020, driven by a switch to remote work, but so far it has been largely the preserve of bigger organizations.

Now though JumpCloud has added Conditional Access policies to its Directory Platform, enabling IT admins to adopt zero trust security from the same cloud platform that they use to manage and securely connect users to IT resources.

Paying off a bad actor for successfully implementing ransomware into an organization is the enterprise equivalent of rewarding a bad child who vandalized a home with candy -- but unfortunately, many organizations often have no choice but to pay… and pay a lot.

Technology has enabled asymmetric attacks. In other words, one attacker can federate an attack across many organizations. The attacker needs to get the attack right once -- while the defenders (corporations, governments, hospitals, etc.) need to get their defense right every… single… time!

With many large enterprises using Active Directory (AD) and Azure Active Directory (AAD) to control user permissions and access, this has become one of first places attackers look for weakness.

Add to this an acceleration of digital transformation projects due to the pandemic and more and more companies are looking to implement zero trust to stay secure. But a new report from One Identity suggests this transition may prove challenging.

Virtual private network (VPN), software defined perimeter (SDP), zero trust network access (ZTNA), there are plenty of technologies around for protecting remote access to enterprise networks.

This is an area that's been thrown into sharper focus this year, but what's the best option for keeping remote access secure? We spoke to Scott Gordon, CISSP for Pulse Secure to discuss the value of the different options available.

With upwards of two-thirds of UK adults set to work remotely for the remainder of this year, it’s clear that the pandemic will create a larger attack surface, and increase opportunities for cyber criminals. In effect, the enterprise perimeter has not only expanded but it has also become much more distributed.

Likewise, modern cyber attacks are not just limited to network intrusion from the outside. Internal threat actors can often be found at the center of sophisticated attacks. Therefore, today, threats come from both inside and outside the organization, via the business partner and supplier ecosystem, and through employees working remotely. This means we need to re-assess and re-think the way we defend our networks, users and data. For example, organizations will need more support around connecting and managing BYOD devices on the home network, including sharing of policies and tools around sensitive data, which could be accessed via insecure Wi-Fi. Additionally, with ransomware, phishing and DDoS attacks growing exponentially, they will also be looking for technologies that enable them to protect networks from cyber attacks, especially those that threaten network availability.

Productivity and security can pull enterprises in different directions. Especially in the age of remote work when IT decisions are largely being dictated by the needs of a dispersed workforce. Let’s not forget, that remote work isn’t about an employee in a satellite office equipped with on-premise security infrastructure.

Remote work is about end users who work whenever, wherever, and from any device they choose. While this model has great productivity benefits, it’s placing IT and security teams on the backfoot and forcing them to protect business critical data in more places than ever before.