Trusting in Zero Trust

As organisations become digital-first out of necessity, cybersecurity becomes a primary concern to ensure business continuity.

This is reflected by the constant rise of security budgets in 2019 and, at a lower rate, in 2020 and the improved relationship of CISOs with senior management (source: Cybersecurity Breaches Survey, UK, 2019).

COVID scams are on the up

This year’s Club CISO Security Maturity Report suggests that more employees are falling foul of phishing tests when they are working from home: “Our normal click rate on a phishing test is 2-4%, but even after sending multiple ‘Beware Covid Scams’ emails to everyone, the click rate on our latest phishing test was 26%”.

80% of the businesses surveyed in the report, had identified cyber attacks in the form of fraudulent emails or being directed to fraudulent websites.

Insider Threats

In recent years we have seen the proliferation of cyber-attacks that bypass classical cyber defences. The conventional security posture of building strong perimeter firewalls is no longer enough when you consider that 42% of cybersecurity incidents are caused by non-malicious insiders, according to the same report.

Insider threats are becoming an alarmingly large contributor to breaches for businesses across the globe. A recent report from Verizon found 34% of data breaches in the past year involved internal actors. Often, these internal actors are unknowing participants. This perhaps explains why the top three topics on the CISO’s radar are security culture, Cloud security and security resilience.

Cybersecurity: a board-level concern

Additionally, where businesses have lost data or assets through cyber security breaches, the financial costs from such incidents have consistently risen since 2017, as found by a recent survey commissioned by the UK government. The report concludes: ‘Our findings continue to highlight the importance of board-level engagement with cyber security.’

With security now business-critical, it is the responsibility of the C-Suite to ensure risk is mitigated, elevating cybersecurity to a board-level priority.

As previously mentioned, the old castle and moat model of cyber defence is no longer effective to protect your business from modern-day hackers. Defending your perimeter is not easy when the borders of your organisation are growing and fluid, following remote working practices and Cloud migration.

Keeping pace with this hostile threat landscape means looking beyond the idea of building ever-larger walls, and instead, take a new approach, one that fits with the way businesses operate now.

New security for a new world

Let’s look at the cybersecurity system we have inherited. Before the migration to the Cloud, data centres were managed locally by engineers, addressing and solving issues was a manageable exercise, as the hardware was based on site.

Nowadays, businesses don’t always know where their physical, or virtual machines reside. Instead, they are simply use a server to run applications, working with a boundary-free infrastructure that needs a completely different security approach. The past few months have shown we live in a world where enabling remote working is no longer a luxury, it is business-critical. If businesses weren’t moving to the cloud before, they certainly are now.

The only way to manage security with an infrastructure that is dispersed, complex and widely accessible is to treat every user as a potential security threat at all times. This is a modern way of thinking about security, one which is called Zero Trust.

Zero Trust and Micro-Segmentation in the Cloud

In a Zero-Trust model of security, every communication, service and interaction are verified and checked. There are a couple of Zero Trust methodologies that can be applied, Identity Access Management (IAM) to manage access to services and apps, through the principle of ’Least Privilege’ or Role Based Access Control (RBAC), that implies denying access to anything the user does not have a specific need for. Zero Trust Networking or Micro-Segmentation takes that approach a step further, by overseeing network traffic to and from the services or applications, ensuring only approved services or devices access the chosen destinations. By doing this, Zero Trust Networking, reduces the level of risk exposure and attack surface that a hostile actor can access.

As explained by Rajesh Khazanchi, Co-Founder and Executive Vice President at Colortokens: “the core principle of Zero Trust security is to always verify and cross-examine every single interaction with business infrastructure. Software-defined micro-segmentation at the host level enables security teams to isolate environments and segment workloads and applications that are distributed. Once segmented, fine-grained security policies can be applied, based on a Zero Trust approach.”

With the right technology and practices in place, this approach to security can become a business enabler. Not only does it add protection, but it allows teams and employees to work more efficiently. Each employee is presented with a streamlined system, showing only what is relevant to their role. Meanwhile, the protection against cyber threats will reduce unwanted interruptions and potential downtime.

Don’t leave security behind on your cloud journey

As we adjust to working remotely as the new normal, the Cloud is becoming a core business asset. As such, it must be secure. Buying into cloud-based security means you have to buy into it completely, and software-defined micro-segmentation is a core step in this journey. Embracing Zero Trust at a cultural level is important, as is having the right technology to back it up.

ColorTokens is a leader in cloud-delivered Zero Trust security, empowers global enterprises with a proactive approach to securing cloud workloads, dynamic applications, endpoints, and users. Through its award-winning Spectrum Platform, ColorTokens delivers products and services that help businesses accurately assess and drastically improve their security posture.

To find out more about how you can embrace the next generation of cloud security, click here.