Building a successful zero-trust strategy in a hybrid environment

Martin Riley, Director of Managed Security Services at Bridewell tells us about zero-trust strategy and building a successful hybrid environment

With cyber-attacks continuing to dominate headlines, Martin Riley, Director of Managed Security Services at Bridewell, explains why organizations must implement an effective Managed Detection and Response (MDR) strategy to build an effective zero-trust model in a hybrid environment.

With 64% of companies worldwide experiencing at least one form of cyber attack, there’s no denying that cyber-attacks are on the rise. This is happening at a time when remote and hybrid working models have become dominant across all businesses, with employees able to work flexibly across different locations. This makes managing the new-starter onboarding process and endpoint security in remote and hybrid environments challenging. Perimeters have expanded and employees are working from uncontrolled environments via their own devices, making the attack surface bigger. Essentially, in a dispersed environment, the threats have changed. Therefore, the increase in cyber security risks directly correlates to poorly managed and secured end-user devices.

Many businesses also still have an IT architecture that relies on devices being within the office at some point to receive updates, patches, and policies. In a hybrid model, this is no longer sufficient and organizations need to modernize cyber security systems fast to reflect the changes to working models and threat landscape.

At a basic level, this means preventing employees from connecting to business networks with personal machines that don’t meet a minimum security baseline. The technology to address these problems has been available for many years, but in recent years it has moved to a cloud delivery model, making it easier to govern and scale. More critically, it means moving towards a zero-trust model to reduce risk.

What is zero-trust?

A zero-trust security model assumes one thing: trust no one and no device. An effective strategy is based on three basic principles. First, verify explicitly. This means authenticating and authorizing users and devices based on all available data points, including user identity, location, data classification, device health, service or workload, and any anomalies. Second, use least-privilege access. This means limiting user access with just-in-time, just-enough-access, and risk-based adaptive policies, while employing data protection to ensure both the security of data and productivity.

Finally, always assume breach. Organizations need to accept that breaches will happen and focus on minimizing the blast radius and preventing any lateral movement by segmenting by user, device, network, and application awareness. All sessions need to be encrypted end-to-end, and analytics should be used to drive visibility, improve threat detection and strengthen defenses.

Applying zero-trust to a hybrid environment

In a hybrid working environment, zero-trust is even more critical. Businesses are now highly connected and distributed, and the increasing migration of data and applications into the cloud to support remote collaboration and access adds to cyber security complexity. Insecure cloud configuration is the biggest contributor to security breaches after software vulnerabilities.

Even for organizations without data on third-party servers, the adoption of cloud platforms like Office 365, Salesforce, or Gmail has extended risk profiles. In this environment, organizations need to separate users and devices as much as is reasonable from corporate assets such as data, applications, infrastructure, and networks, and follow the Identify, Authenticate, Authorise, and Audit (IAAA) model.

The IAAA model uses the identity provider and secondary authentication systems to identify and authenticate the user or device. Importantly, it assumes they have no access and grants access to only what is needed at the time of the request. Stricter rules around conditional access can also be built in, such as time and geography. For example, users from the UK could be granted read-only permissions, while logins from IP addresses in China or Russia could be fully restricted. Lastly, by using session information and telemetry, organizations can maintain a comprehensive audit trail for real-time detection of a policy breach.
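The three principles above (verify explicitly, least privilege, assume breach) and the IAAA flow just described, as an added illustration that is not Bridewell's code or any vendor's product: a small default-deny policy evaluator in which every request is identified, authenticated with MFA and device health, authorised with the geographic conditional-access rules from the example (UK read-only, China and Russia blocked), and written to an audit trail. The user directory, device list, resource roles and country codes are constructed sample data.

```python
from dataclasses import dataclass

# Constructed sample directory data; a real deployment would query the
# identity provider and device-management service for these facts.
USER_ROLES = {"alice": {"finance"}, "bob": set()}
HEALTHY_DEVICES = {"laptop-01"}
RESOURCE_ROLE = {"payroll": "finance"}
BLOCKED_COUNTRIES = {"CN", "RU"}
READ_ONLY_COUNTRIES = {"UK"}

AUDIT = []  # in-memory audit trail; in practice this telemetry feeds the SIEM


@dataclass
class Request:
    user: str
    device: str
    country: str       # ISO code derived from the client IP (assumed input)
    resource: str
    action: str        # "read" or "write"
    mfa_passed: bool


def evaluate(req: Request) -> tuple:
    """Return (allowed, reason) following Identify, Authenticate, Authorise, Audit.

    Every path ends in an audit record, and access is denied unless each
    stage explicitly grants it.
    """
    def finish(allowed: bool, reason: str) -> tuple:
        AUDIT.append({"user": req.user, "device": req.device, "country": req.country,
                      "resource": req.resource, "action": req.action,
                      "allowed": allowed, "reason": reason})
        return allowed, reason

    # Identify: an unknown principal has no access at all.
    roles = USER_ROLES.get(req.user)
    if roles is None:
        return finish(False, "unknown identity")
    # Authenticate: verify explicitly with MFA and device health, not just a password.
    if not req.mfa_passed:
        return finish(False, "secondary authentication not satisfied")
    if req.device not in HEALTHY_DEVICES:
        return finish(False, "device does not meet the security baseline")
    # Authorise: conditional access on geography, then least privilege per resource.
    if req.country in BLOCKED_COUNTRIES:
        return finish(False, "logins from this geography are restricted")
    if req.country in READ_ONLY_COUNTRIES and req.action != "read":
        return finish(False, "this geography is granted read-only access")
    if RESOURCE_ROLE.get(req.resource) not in roles:
        return finish(False, "no role grants this resource")
    # Audit is written by finish(); grant only the single action requested.
    return finish(True, f"{req.action} on {req.resource} granted")
```

Calling evaluate() with a Request that fails any stage yields a denial with its reason, and the AUDIT list then carries the record a SIEM would correlate for real-time policy-breach detection.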

Aligning zero-trust with security monitoring

While zero-trust is critical in protecting modern IT environments, ultimately to be truly effective, it should be integrated with an effective Managed Detection and Response (MDR) strategy and assume breach. MDR combines human analysis, artificial intelligence and automation to rapidly detect, analyze, investigate and actively respond to threats and is instrumental in facilitating a transformation to a zero-trust approach.

MDR can be deployed rapidly and cost-effectively as a fully outsourced service or via a hybrid security operations center (SOC), and helps to develop a reference security architecture that enables organizations to safeguard on-premises systems, cloud-based applications, and SaaS solutions. It also enables companies to respond quickly to new threats, reducing cyber risk and the dwell time of breaches.

The most effective MDR services are those that utilize Extended Detection and Response (XDR) technology to enable detection and response capabilities across network, web, email, cloud, endpoint, and most crucially, identity. This ensures that wherever the cyber-attack comes from, users, assets, and data remain safeguarded, adding a protective layer to the zero-trust environment and ensuring proactive action against threats.

XDR combines several security products that allow for detection and response, providing greater visibility, coverage, and performance across areas such as cloud, endpoint, network, and identity. XDR integrates with security information and event management (SIEM) systems, which correlate data using artificial intelligence (AI) and machine learning, and with security orchestration, automation, and response (SOAR) technology.

Choosing a solution that leverages existing investments in Microsoft 365 licensing can enable organizations to consolidate security suppliers and reduce security spending while increasing coverage and visibility. It also pays to consider an MDR solution that can be offered as part of a hybrid SOC to rapidly mature and enhance an existing security team.

Running a SOC in-house can pose difficulties in terms of skills and resources, while a completely outsourced SOC often lacks alignment to the organization’s objectives and culture. A hybrid SOC approach combines the best of both and leverages the skills of in-house professionals while benefiting from the expertise of a managed security services provider to strengthen security posture and plug any gaps where in-house skills may not exist. Ultimately, only by bringing the concepts of zero-trust and MDR together, can organizations take control of their sensitive data and reduce the likelihood of security and privacy breaches occurring.

Rethinking cyber security

The pandemic presented an opportunity for organizations to rethink how they do security. Remote and hybrid working is now the norm and information security needs to be overhauled to reflect the changes to the threat landscape.

It’s no longer a case of if a cyber attack will happen but when. Organizations must assume breach, and any business that hasn’t already must shift to a zero-trust model, focused on trusting nothing and securing user identities and devices just as much as network perimeters.

Crucially, zero trust is not a technology but a holistic approach that can be built into the existing architecture and used across the entire organization. With the help of technologies such as XDR, which allow rapid detection of and response to threats across endpoint, network, web and email, cloud and, importantly, identity, businesses can enable people, technology, and applications to work together to create a culture that immediately questions attempted access to the network from any device or user. Most importantly, organizations can be confident that all users, assets, and data remain protected, regardless of where the user resides.
