Here are your articles for Monday, November 04, 2019

What Is Zero Trust Security?

 

Ever since cybersecurity first became an issue, we’ve been trying to protect data. Traditionally, we’ve assumed that all threats would come from the outside and that everyone within our network was “safe.” Several high-profile hacks proved that theory false, but it didn’t change how we did things.

Trust but Verify

Then, in 2010, John Kindervag, then a principal analyst at Forrester Research, Inc., announced a different model for securing data. This model, called zero trust security, had a more realistic premise: no one can be considered safe, whether they are inside or outside the perimeter of the particular system, because hacks can come from anywhere. “Trust but verify” applied to everyone, whether they were inside or outside the network. Kindervag’s model has evolved, but his core concept has remained: your network is only as secure as the user’s level of access.

This shift in how people think about security caught the attention of IT professionals. In fact, IDG’s 2018 Security Priorities Survey found that 71% of security-focused IT decision makers were aware of the zero trust model, 8% were actively using it in their organizations and 10% were piloting it.

Zero Trust Security

Zero trust security is based on an identity and access management (IAM) system. IAM systems begin with the premise that your network is being accessed by users and devices in unsecured locations, such as a coffee shop or an airport, so individual users must be identified as “friends” before they can gain access. Note that some systems are more sophisticated than others and that businesses need to conduct an in-depth analysis of how, when, where and why different users might want to gain access. Zero trust systems are used to enhance security in two primary ways:

1. Privileged access: Privileged access grants as-needed access to different levels of employees. For example, salespeople might have access to data concerning their customers, whereas sales managers might have access to their direct reports’ data. Neither group would have access to manufacturing data because that information is not directly related to their jobs.

Each level of permission unlocks additional data. Each unlocked data level (or microsegment) increases the company’s risk exposure. Consequently, once the user is identified, the IAM system verifies every element of access, whether the data is stored on the company’s in-house servers, in the cloud, or managed by third-party SaaS apps.
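The sales example above can be written as a deny-by-default access check. This sketch is added here for illustration and is not from the newsletter or any IAM product; the names `User`, `Resource` and `can_access` and the sample people are hypothetical.

```python
# Added illustration: deny-by-default decision for the sales example.
# All names and the sample org chart below are hypothetical.
from dataclasses import dataclass

@dataclass(frozen=True)
class User:
    name: str
    role: str                          # "sales" or "sales_manager"
    reports: frozenset = frozenset()   # direct reports (managers only)

@dataclass(frozen=True)
class Resource:
    segment: str    # microsegment, e.g. "customer_data" or "manufacturing"
    owner: str      # salesperson the record belongs to ("" if none)
    location: str   # "in_house", "cloud" or "saas"

def can_access(user, res):
    """Return (allowed, reason). Anything not explicitly granted is denied."""
    # res.location is deliberately ignored: the same check runs whether the
    # data sits on in-house servers, in the cloud, or in a SaaS app.
    if res.segment != "customer_data":
        return False, "segment not granted to any sales role"
    if user.role == "sales" and res.owner == user.name:
        return True, "own customer data"
    if user.role == "sales_manager" and res.owner in user.reports:
        return True, "direct report's data"
    return False, "no grant matches this user and record"

def demo():
    """Evaluate a few constructed requests and return the decisions."""
    alice = User("alice", "sales")
    carol = User("carol", "sales_manager", frozenset({"alice"}))
    requests = [
        (alice, Resource("customer_data", "alice", "saas")),
        (alice, Resource("customer_data", "bob", "cloud")),
        (carol, Resource("customer_data", "alice", "in_house")),
        (carol, Resource("customer_data", "bob", "cloud")),
        (carol, Resource("manufacturing", "", "in_house")),
    ]
    return [can_access(u, r)[0] for u, r in requests]

if __name__ == "__main__":
    print(demo())
```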

2. Integrated multifactor authentication: MFA is another important aspect of zero trust security. It should be in place for all privileged accounts and business-critical systems. The two types of MFA are flexible authentication policies and risk-based authentication:

  • Flexible authentication policies both enhance security and provide ease of use.
  • Risk-based authentication is a form of strong authentication that calculates a risk score for any given access attempt in real time. For example, a user might be locked out if he or she used an incorrect password too many times within a set time period. Certain situations require multiple levels of identification.
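A sketch of the risk-based decision described above, scoring each access attempt and locking out after too many incorrect passwords in a time window. It is an added example, not code from the newsletter or any vendor; the class name, thresholds and score weights are assumptions chosen for illustration.

```python
# Added illustration: real-time risk score per access attempt.
# Thresholds and weights are assumed values, not taken from the article.
from collections import defaultdict, deque

WINDOW_SECONDS = 300   # the "set time period" for counting bad passwords
MAX_FAILURES = 5       # incorrect passwords allowed inside the window
STEP_UP_SCORE = 40     # at or above this score, a second factor is required

class RiskEngine:
    def __init__(self):
        self.failures = defaultdict(deque)   # user -> failure timestamps

    def record_failure(self, user, ts):
        """Record one incorrect-password event at time ts (seconds)."""
        self.failures[user].append(ts)

    def _recent_failures(self, user, now):
        q = self.failures[user]
        while q and now - q[0] > WINDOW_SECONDS:   # expire old failures
            q.popleft()
        return len(q)

    def decide(self, user, now, known_device, privileged):
        """Return (decision, score) for one access attempt."""
        n = self._recent_failures(user, now)
        if n >= MAX_FAILURES:
            return "lockout", 100
        score = 10 * n
        if not known_device:
            score += 30
        if privileged:
            score += 20
        # MFA is always required for privileged accounts, and for any
        # attempt whose score reaches the step-up threshold.
        if privileged or score >= STEP_UP_SCORE:
            return "require_mfa", score
        return "allow", score

def demo():
    """Replay constructed events for one user and return the decisions."""
    eng = RiskEngine()
    out = [eng.decide("alice", 0, True, False)]
    for ts in (10, 20, 30):
        eng.record_failure("alice", ts)
    out.append(eng.decide("alice", 40, False, False))   # unknown device
    for ts in (40, 50):
        eng.record_failure("alice", ts)
    out.append(eng.decide("alice", 60, True, False))    # 5 failures in window
    out.append(eng.decide("alice", 400, True, False))   # window has expired
    return out

if __name__ == "__main__":
    print(demo())
```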

Cybersecurity is a complex area that is only becoming more important. This may be the time to think about how your data is protected. Contact us to discuss zero trust security implementation at your business.

 

CironeFriedberg, LLP
info@cironefriedberg.com
24 Stony Hill Rd, Bethel, CT 06801
(203) 798-2721
6 Research Dr, Suite 450, Shelton, CT 06484
(203) 366-5876
Copyright © IndustryNewsletters All rights reserved.
