{"id":140244,"date":"2021-08-13T13:30:09","date_gmt":"2021-08-13T10:30:09","guid":{"rendered":"https:\/\/www.enerjigazetesi.ist\/?p=140244"},"modified":"2021-08-13T13:32:33","modified_gmt":"2021-08-13T10:32:33","slug":"yeni-donemin-sifresi-asla-guvenme-her-zaman-dogrula","status":"publish","type":"post","link":"https:\/\/www.enerjigazetesi.ist\/en\/yeni-donemin-sifresi-asla-guvenme-her-zaman-dogrula\/","title":{"rendered":"Protecting The Hybrid Workplace Through Zero Trust Security"},"content":{"rendered":"<p><\/p>\n<h2><span data-contrast=\"none\">The post-pandemic normal for global organizations increasingly means using digital technology to support more flexible working practices.\u00a0Although tech giants\u00a0such as\u00a0<\/span><a href=\"https:\/\/blog.twitter.com\/en_us\/topics\/company\/2020\/keeping-our-employees-and-partners-safe-during-coronavirus.html\" target=\"_blank\" rel=\"noopener\"><span data-contrast=\"none\">Twitter<\/span><\/a><span data-contrast=\"none\">\u00a0and\u00a0<\/span><a href=\"https:\/\/www.vox.com\/recode\/2020\/5\/21\/21266570\/facebook-remote-work-from-home-mark-zuckerberg-twitter-covid-19-coronavirus\" target=\"_blank\" rel=\"noopener\"><span data-contrast=\"none\">Facebook<\/span><\/a><span data-contrast=\"none\">\u00a0made headlines by promising some employees they can work from home forever, the reality for most employers is likely to be more prosaic.\u00a0<\/span><a href=\"https:\/\/www.insider.co.uk\/news\/more-60-businesses-planning-adopt-24013018\" target=\"_blank\" rel=\"noopener\"><span data-contrast=\"none\">More than 60% of businesses<\/span><\/a><span data-contrast=\"none\">\u00a0are planning to support a hybrid workplace which will involve employees spending part of the week at home and a few days in the office. 
Yet this will also bring with it new cyber-risks, as we outlined in the\u00a0first post of this series\u00a0that examines the\u00a0<\/span><a href=\"https:\/\/www.welivesecurity.com\/2021\/07\/13\/hybrid-workplace-what-does-mean-cybersecurity\/\"><span data-contrast=\"none\">security challenges of\u00a0the\u00a0hybrid workplace<\/span><\/a><span data-contrast=\"none\">.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/h2>\n<p><span data-contrast=\"none\">The good news is that this is\u00a0what the\u00a0Zero Trust\u00a0model was built for.\u00a0Already\u00a0mandated for\u00a0U.S.\u00a0federal government agencies by a\u00a0<\/span><a href=\"https:\/\/www.whitehouse.gov\/briefing-room\/presidential-actions\/2021\/05\/12\/executive-order-on-improving-the-nations-cybersecurity\/\" target=\"_blank\" rel=\"noopener\"><span data-contrast=\"none\">new\u00a0Presidential\u00a0executive order<\/span><\/a><span data-contrast=\"none\">, it offers an increasingly popular way to minimize cyber-risk in a world of hybrid cloud,\u00a0<\/span><a href=\"https:\/\/www.welivesecurity.com\/2020\/03\/16\/covid19-forced-workplace-exodus\/\"><span data-contrast=\"none\">remote working<\/span><\/a><span data-contrast=\"none\">\u00a0and persistent threat actors.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<h3 aria-level=\"2\"><span data-contrast=\"none\"><img loading=\"lazy\" class=\"alignright wp-image-140248\" src=\"https:\/\/www.enerjigazetesi.ist\/wp-content\/uploads\/2021\/08\/yeni-donemin-sifresi-asla-guvenme-her-zaman-dogrula-1.jpg\" alt=\"\" width=\"320\" height=\"180\" srcset=\"https:\/\/www.enerjigazetesi.ist\/wp-content\/uploads\/2021\/08\/yeni-donemin-sifresi-asla-guvenme-her-zaman-dogrula-1.jpg 550w, 
https:\/\/www.enerjigazetesi.ist\/wp-content\/uploads\/2021\/08\/yeni-donemin-sifresi-asla-guvenme-her-zaman-dogrula-1-300x169.jpg 300w, https:\/\/www.enerjigazetesi.ist\/wp-content\/uploads\/2021\/08\/yeni-donemin-sifresi-asla-guvenme-her-zaman-dogrula-1-500x281.jpg 500w, https:\/\/www.enerjigazetesi.ist\/wp-content\/uploads\/2021\/08\/yeni-donemin-sifresi-asla-guvenme-her-zaman-dogrula-1-80x45.jpg 80w\" sizes=\"(max-width: 320px) 100vw, 320px\" \/>The challenges of protecting the hybrid workplace<\/span><\/h3>\n<p><span data-contrast=\"none\">Today\u2019s CISOs are under incredible pressure to protect sensitive IP and customer data from theft,\u00a0and business-critical systems from service interruption.\u00a0Despite rising security spending, breaches continue to\u00a0escalate.\u00a0<\/span><a href=\"https:\/\/www.welivesecurity.com\/2020\/08\/12\/what-is-cost-data-breach\/\"><span data-contrast=\"none\">The cost of\u00a0data breaches<\/span><\/a><span data-contrast=\"none\">\u00a0stands at an average of nearly\u00a0US$3.9 million per incident today, with organizations typically taking hundreds of days before they discover and contain these attacks.<\/span><\/p>\n<div class=\"update-block\"><em>Read also the other parts of the\u00a0<\/em><strong><em>Security for the hybrid workplace\u00a0<\/em><\/strong><em>series:<\/em><br \/>\n<em><a href=\"https:\/\/www.welivesecurity.com\/2021\/07\/13\/hybrid-workplace-what-does-mean-cybersecurity\/\">The hybrid workplace: What does it mean for cybersecurity?<\/a><\/em><br \/>\n<em><a href=\"https:\/\/www.welivesecurity.com\/2021\/07\/29\/tackling-insider-threat-hybrid-workplace\/\">Tackling the insider threat to the new hybrid workplace<\/a><\/em><br \/>\n<em><a href=\"https:\/\/www.welivesecurity.com\/2021\/08\/05\/why-cloud-security-key-unlocking-value-hybrid-working\/\">Why cloud security is the key to unlocking value from hybrid working<\/a><\/em><br \/>\n<em><a 
href=\"https:\/\/www.welivesecurity.com\/2021\/08\/12\/examining-threats-device-security-hybrid-workplace\/\" target=\"_blank\" rel=\"noopener\">Examining threats to device security in the hybrid workplace<\/a><\/em><\/div>\n<p><span data-contrast=\"none\">The advent of mass remote working, and now the hybrid workplace, hands even more advantage to the threat actors. Organizations are at risk from several areas,<span style=\"text-decoration: underline;\">\u00a0including:<\/span><\/span><\/p>\n<p><span data-contrast=\"none\">&#8211; Distracted\u00a0home\u00a0workers\u00a0who are more\u00a0likely to click on phishing links<\/span><span data-ccp-props=\"{&quot;134233279&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"none\">&#8211; Remote workers using potentially insecure\u00a0personal\u00a0laptops\u00a0and mobile devices,\u00a0networks\u00a0and smart home devices<\/span><span data-ccp-props=\"{&quot;134233279&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"none\">&#8211; Vulnerable VPNs\u00a0and other unpatched software running on home systems<\/span><span data-ccp-props=\"{&quot;134233279&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"none\">&#8211; Poorly configured RDP endpoints, which may be easily hijacked via previously breached or easy-to-crack passwords.\u00a0<\/span><a href=\"https:\/\/www.eset.com\/ca\/about\/newsroom\/press-releases\/eset-issues-its-q3-2020-threat-report-remote-workers-under-fire-from-rdp-attacks-2\/\" target=\"_blank\" rel=\"noopener\"><span data-contrast=\"none\">ESET reported a 140% increase<\/span><\/a><span data-contrast=\"auto\">\u00a0in RDP attacks in Q3 2020<\/span><span 
data-ccp-props=\"{&quot;134233279&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"none\">&#8211; Cloud services with weak access controls\u00a0(poor passwords and no multi-factor authentication)<\/span><span data-ccp-props=\"{&quot;134233279&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<h3 aria-level=\"2\"><span data-contrast=\"none\">Why Zero Trust?<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559738&quot;:40,&quot;335559739&quot;:0,&quot;335559740&quot;:259}\">\u00a0<\/span><\/h3>\n<p><span data-contrast=\"auto\">In\u00a02009, Forrester developed a new information security model, called the Zero Trust Model, which has gained widespread acceptance and adoption. It\u2019s designed for a world in which the old certainties of placing all security resources at the perimeter and then trusting everything inside it\u00a0are\u00a0no longer relevant. That\u2019s the world we live in today thanks to distributed working and cloud ubiquity.\u00a0<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<h3><span data-contrast=\"auto\">Instead, Zero Trust is founded on a mantra of \u201cnever trust, always verify\u201d to help reduce the impact of breaches. In practice, there are three underlying principles:<\/span><\/h3>\n<p><b><span data-contrast=\"none\">1- All networks should be treated as untrusted<\/span><\/b><span data-ccp-props=\"{&quot;134233279&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\"><br \/>\n<\/span>This should include home networks,\u00a0public\u00a0Wi-Fi networks (for example,\u00a0in airports and coffee shops) and even on-premises corporate networks. 
Threat actors are simply too determined for us to assume that there are any safe spaces left.<span data-ccp-props=\"{&quot;134233279&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<p><b><span data-contrast=\"none\">2- Least privilege<br \/>\n<\/span><\/b>If all networks are untrusted, then so must users be. After all, you can\u2019t guarantee that an account hasn\u2019t been hijacked, or that a user\u00a0isn\u2019t\u00a0a malicious insider. That means granting employees\u00a0just enough\u00a0privilege\u00a0to get\u00a0the\u00a0job done, and\u00a0then\u00a0regularly auditing\u00a0access\u00a0rights\u00a0and removing any that are no longer appropriate.<\/p>\n<p><b><span data-contrast=\"none\">3- Assume breach<\/span><\/b><br \/>\nEvery day\u00a0we hear news of a\u00a0new\u00a0security\u00a0breach. By maintaining\u00a0an alert\u00a0mentality, organizations\u00a0will be vigilant and continue to improve\u00a0their\u00a0defenses\u00a0with a resilient Zero Trust mindset. Breaches\u00a0are\u00a0inevitable\u00a0\u2013\u00a0it\u2019s about reducing their\u00a0impact.<\/p>\n<h3 aria-level=\"2\"><span data-contrast=\"none\">How Zero Trust has evolved<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559738&quot;:40,&quot;335559739&quot;:0,&quot;335559740&quot;:259}\">\u00a0<\/span><\/h3>\n<p><span data-contrast=\"none\">When Zero Trust was first created back in 2009, it was a very network-centric model. Over the years it has evolved into an entire ecosystem. At its\u00a0center\u00a0is the critical data or business processes that must be protected. 
Around this are four key elements: the people that can access that data, the\u00a0devices that store it, the networks it flows through and the workloads that process it.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"none\">Now Forrester has added another crucial layer: automation and orchestration, and visibility and analytics. These integrate all the\u00a0defense-in-depth controls needed to support Zero Trust.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"none\">Zero Trust in this new iteration is a perfect way to help mitigate the risks of a hybrid workplace\u2014an environment where perimeters are fluid, distributed workers must be continually authenticated, and networks are segmented to reduce the potential for threats to spread. It\u2019s also\u00a0become clear over the course of the pandemic that VPNs in many cases were unable to sustain large numbers of remote workers\u00a0\u2013\u00a0both in terms of inbound traffic and in outbound deployment of patches.\u00a0They are increasingly also a\u00a0target in their own right, if\u00a0left unpatched and under-protected.\u00a0Zero Trust is a better long-term option.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<h3><span data-contrast=\"none\">How to get started with Zero Trust\u00a0<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559738&quot;:40,&quot;335559739&quot;:0,&quot;335559740&quot;:259}\">\u00a0<\/span><\/h3>\n<p><span data-contrast=\"none\">The latest\u00a0<\/span><a href=\"https:\/\/www.statista.com\/statistics\/1228254\/zero-trust-it-model-adoption\/\" target=\"_blank\" rel=\"noopener\"><span data-contrast=\"none\">data suggests<\/span><\/a><span data-contrast=\"none\">\u00a0that nearly 
three-quarters (72%) of organizations are planning (42%) or have already rolled out (30%) Zero Trust.\u00a0The good news is that\u00a0getting there doesn\u2019t require a major rip-and-replace effort.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"none\">In fact, you may already be using many of the tools and techniques needed to get started. These include the following:<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<p><b><span data-contrast=\"none\">People:<\/span><\/b><span data-contrast=\"none\">\u00a0Role-based access controls, multi-factor authentication, account segregation.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<p><b><span data-contrast=\"none\">Workloads:\u00a0<\/span><\/b><span data-contrast=\"none\">Most cloud providers build in controls here.\u00a0Organizations\u00a0should\u00a0use these to reduce access to different workloads\u00a0and enforce good policies.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<p><b><span data-contrast=\"none\">Devices:<\/span><\/b><span data-contrast=\"none\">\u00a0Asset management will help you understand what you own. Then use endpoint detection and response (EDR), host-based firewalls and more to protect these assets and prevent lateral movement.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<p><b><span data-contrast=\"none\">Networks:<\/span><\/b><span data-contrast=\"none\">\u00a0Micro-segmentation is key here. Use network devices like routers and switches in combination with access control lists (ACLs) to limit who and what can talk to different parts of the network. 
Vulnerability management is also important.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<p><b><span data-contrast=\"none\">Data:<\/span><\/b><span data-contrast=\"none\">\u00a0Classify your data, then apply encryption to the most sensitive types at rest and in transit. File integrity monitoring and data loss prevention can also help to secure data.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"none\">Finally, it\u2019s about adding security orchestration and automation,\u00a0and data analytics capabilities,\u00a0on top. This brings the situational awareness security operations teams need to\u00a0do their jobs effectively.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>","protected":false},"excerpt":{"rendered":"<p>The post-pandemic normal for global organizations increasingly means using digital technology to support more flexible working practices.\u00a0Although tech giants\u00a0such as\u00a0Twitter\u00a0and\u00a0Facebook\u00a0made headlines by promising some employees they can work from home forever, the reality for most employers is likely to be more prosaic.\u00a0More than 60% of businesses\u00a0are planning to support a hybrid workplace which will involve 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":140247,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[51,53,157],"tags":[95031,95037,95036,95035,78013,90733,94833,95034,95032,95040,95033,55724,70636,95030,95029,2993,84198,65918,95041,95028,95039,95038],"views":117,"_links":{"self":[{"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/posts\/140244"}],"collection":[{"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/comments?post=140244"}],"version-history":[{"count":3,"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/posts\/140244\/revisions"}],"predecessor-version":[{"id":140250,"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/posts\/140244\/revisions\/140250"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/media\/140247"}],"wp:attachment":[{"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/media?parent=140244"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/categories?post=140244"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/tags?post=140244"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}