Maximize zero trust security by expanding beyond basic principles | SC Media

September 14, 2020
AT&T announced back in March that its workforce of more than 200,000 would work from home because of the pandemic. Today’s columnist, Tawnya Lancaster of AT&T Cybersecurity, offers insights into how the pandemic has accelerated digital transformation and, for security teams, adoption of the Zero Trust model. (Photo by Ronald Martinez/Getty Images)
  • Gain visibility and map transaction flow. Identify the data, assets, applications, and services in the company’s hybrid network, prioritize the criticality of each, and map the transaction flows between them. John Kindervag, who created Zero Trust, coined the term “protect surface” for the smallest reduction of the company’s attack surface based on one or more of the data, applications, assets, and services (DAAS). By defining protect surfaces and prioritizing the criticality of each, security teams can move controls as close as possible to the DAAS through the use of micro-perimeters and microsegmentation. This also helps limit the potential East-West movement of attackers and contain the blast zone should a breach take place.
  • Establish micro-perimeters and segment the network. Isolate applications and devices closer to the workload, including setting up micro-perimeters. Depending on the criticality of the data, application, assets, or services within those perimeters, add further protections by also using microsegmentation.
  • Develop dynamic security policies. Exercise the principle of least privilege access by creating a dynamic security policy and extending multi-factor authentication for user, machine, and mutual authentication.
  • Monitor, enforce, and maintain. Evolve to continuous monitoring of risk and trust for each entity (users, devices, and applications) by developing a risk/trust engine – an area that’s often the most difficult to execute.
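
The four steps above can be exercised on paper before any enforcement point is deployed. The following is an added example, not code from the article or from AT&T: it checks observed transaction flows against a default-deny policy between protect surfaces and lists the violations by criticality. The workload names, surface names, ports, the 1-3 criticality scale and the MFA threshold are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    src: str           # workload initiating the transaction
    dst: str           # workload receiving it
    port: int
    mfa: bool = False  # assumed flag: initiating identity passed multi-factor authentication

# Constructed inventory: workload -> (protect surface, criticality 1=low .. 3=high)
SURFACES = {
    "web-01": ("storefront", 1),
    "app-01": ("orders", 2),
    "db-01": ("cardholder-data", 3),
    "hr-01": ("hr-records", 3),
}

# Default deny: only these (source surface, destination surface, port) flows are permitted.
ALLOWED = {("storefront", "orders", 8443), ("orders", "cardholder-data", 5432)}
MFA_REQUIRED_AT = 3  # assumed threshold: criticality at which policy also demands MFA

def evaluate(flow):
    """Return (verdict, reason) for one observed flow."""
    if flow.src not in SURFACES or flow.dst not in SURFACES:
        return "deny", "unmapped workload"
    src_surface = SURFACES[flow.src][0]
    dst_surface, criticality = SURFACES[flow.dst]
    if (src_surface, dst_surface, flow.port) not in ALLOWED:
        return "deny", "east-west flow not in policy"
    if criticality >= MFA_REQUIRED_AT and not flow.mfa:
        return "deny", "MFA required for this protect surface"
    return "allow", "matches policy"

def violations(flows):
    """Denied flows, most critical destination first (stable for ties)."""
    denied = [(f, evaluate(f)[1]) for f in flows if evaluate(f)[0] == "deny"]
    return sorted(denied, key=lambda d: -SURFACES.get(d[0].dst, ("", 0))[1])

OBSERVED = [  # constructed sample of observed flows
    Flow("web-01", "app-01", 8443),
    Flow("app-01", "db-01", 5432, mfa=True),
    Flow("app-01", "db-01", 5432),
    Flow("web-01", "hr-01", 445),
    Flow("laptop-7", "app-01", 22),
]

if __name__ == "__main__":
    for flow, reason in violations(OBSERVED):
        print(f"DENY {flow.src} -> {flow.dst}:{flow.port} ({reason})")
```

A flow from a workload missing from the inventory is denied outright, which is why the mapping step has to come before the policy step.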