Experts tell all: How zero trust bolsters your cybersecurity posture
SHI and SentinelOne join forces to help you navigate the zero trust cybersecurity landscape in part one of Brad Bowers’ interview with Milad Aslaner.
Zero trust strategies help organizations improve their security posture with policies that follow a “never trust, always verify” mentality, whereby no user or device is given default access to the organization’s network, applications, or data.
Because zero trust touches almost every aspect of an organization’s technology stack, implementing an effective strategy can seem daunting – especially if you lack the expert resources to know where and how to start.
In part one of this exclusive three-part interview series, Brad Bowers, SHI’s Global Field CISO, and Milad Aslaner, SentinelOne’s Head of Technology Advisory Group, come together to share expert insight from their decades of cybersecurity experience.
What are the three focus areas of zero trust?
Implementing zero trust is about mitigating as much risk as possible and squashing out the security gaps that keep IT and security teams up at night. What are the fundamentals of an effective zero trust strategy, and how can these areas come together to create a holistic security solution?
Milad Aslaner: At its core, zero trust has three focus areas:
The first is “never trust, always verify.” We’re moving away from granting certain privileges based solely on corporate identities. Now we’re continuously validating the health state of these user identities and devices.
Second, “assume a breach.” It’s no longer a matter of if, but when a breach will occur. Zero trust acknowledges this and ensures the right countermeasures are in place to stop malicious activity as early as possible.
The third aspect is real-time verification and authorization of the trust relationship between the organization and its identities and devices. In the moment when an entity requests access, we need to validate the health in real time, confirm the entity is uncompromised, and only then grant temporary access to resources and services.
Zero trust is a fundamental shift from legacy perimeter-based security models. In the past, we assumed everything happened within an organization’s headquarters or regional offices. But now, many organizations’ legacy security architectures have significant blind spots against the new paradigms of remote work, hybrid offices, and bring your own device (BYOD) initiatives.
Brad Bowers: Building on Milad’s comments, implementing the three zero trust focus areas can often be easier than organizations may think. Many organizations are in the middle of their digital transformation – both migrating business applications to the cloud and modernizing legacy applications. This can be the perfect time to migrate to a zero trust methodology.
While every organization’s zero trust journey is unique, the core building blocks are the same. Through its implementation, zero trust enables organizations to take a deeper look at how users and data move throughout their systems. This can provide a more informed and secure digital transformation as well as provide better identification of security gaps, improve network visibility and logging, and reduce overall security complexity.
How does zero trust resolve business challenges within the cloud?
With the workplace’s abrupt transition to remote and hybrid work, many organizations are struggling to keep up with their rapid cloud transformation. How does zero trust resolve some of the business challenges these organizations face?
MA: To maintain business continuity during the pandemic, many organizations had no choice but to hastily migrate to the cloud, with little time to think about the security aspect of their new business model.
These organizations are now looking back to understand the security implication of what has happened over the last two years. Zero trust can absolutely help here by easing the manual labor of legacy architectures.
For example, let’s say an endpoint is compromised. Usually, the solution is to wipe and load after you’ve done all your assessments and verifications. Someone has to access the user identity in Active Directory or a similar platform to disable the user account. These are highly manual and intensive jobs to do, and these manual processes pose a big challenge as the world has moved into the cloud with remote workforces.
Zero trust can help because it is built from the ground up in the cloud, offering real-time visibility and analytics. Through extended detection and response (XDR) capabilities, it allows you to coordinate responses either manually or via automation.
How does zero trust improve user experience?
Especially in a remote or hybrid workplace, an organization’s security stack needs to function without hindering productivity. How can zero trust improve the user experience while still maintaining holistic security?
MA: There needs to be a balance between user experience, productivity, and security. Even if you turn your environment into Fort Knox, users will still find ways to bypass your security controls to get the experience they want. A common example is a security team may believe their organization isn’t using cloud storage, only for them to find out a subset of users have quietly been using personal cloud storage for months.
When environments are overly restrictive or complex, users will find different, simpler ways to do their job – even if their preferred methods are prohibited by their organization. Zero trust strikes that balance of being secure while not being so overly complex that it inhibits productivity.
One of the ways it does this is by quickly restoring business continuity. Historically, response times to cyberthreats have been harmfully slow. It would take too long for users to continue their work as normal – let alone understand what happened. With a zero trust strategy, the average response times can be greatly reduced and the employee can continue their job much, much faster.
BB: It’s important to note that zero trust architecture was designed with users in mind. It allows for the efficient and secure authentication and authorization of users and assets without adding additional steps or impeding the user experience. When implemented correctly, the user experience is seamless across cloud, Software-as-a-Service (SaaS), and on-prem applications.
Zero trust also unlocks the potential for increased performance. A core element of zero trust is the concept of leveraging network-level microsegmentation, allowing organizations to place users and resources in unique network segments based on user or system requirements. This offers many advantages, including giving priority to users and applications, the ability to reduce network congestion, and enhanced or “tuned” security monitoring.
Zero trust helps us protect intellectual property, find and eliminate insider threats, and segment off or ensure people are only getting access to the data, apps, and networks they absolutely need.
How does zero trust protect against ransomware?
A common insider threat for organizations of all sizes is ransomware. Threat actors are performing multi-extortion techniques, attempting to pivot from one compromised machine to get to as many other assets within an organization’s environment as possible. How does zero trust provide security against these events?
BB: Ransomware attacks often rely on “dwell time,” or remaining undetected long enough to achieve their objectives. Security teams have to race to identify and remediate issues before data is lost or damage is done. Zero trust helps give security teams an extra arrow in their quiver in the form of time and reduced impact potential of the attack.
In the fight against ransomware, the aforementioned “never trust, always verify” tenet of zero trust translates into more granular access controls applied across all users and resources. This more mature form of access management, in conjunction with continuous reauthentication, minimizes the risk of a ransomware attack pivoting unabated through an environment.
Zero trust also defends against ransomware through data, application, and network segmentation. Because zero trust removes the reliance on network location as a primary component of security, security teams can level segmentation at a more granular level. This can be based on users’ specific required applications, data, or even by grouping specific network segments together. The result is the ability to more easily identify and greatly reduce the impact of a ransomware attack.
MA: To that end, ransomware has been so successful at infiltrating large portions of an organization because the compromised endpoint and/or user identity has predefined trust relationships within an organization. The user identity might be a member of dozens of security groups that grant access to the file server, domain controllers, workplace devices, etc.
With a zero trust security model, that compromised endpoint wouldn’t have default access. The asset needs to request access and must prove it’s uncompromised – allowing security teams to identify and prevent malicious activity before the threat actor infiltrates the environment. It’s a huge game changer because it blocks actors’ traditional way of breaching the environment.
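The three focus areas Milad lists (never trust, always verify; assume a breach; real-time verification with temporary access) and the compromised-endpoint scenario just described, worked through as a small policy decision point. This is an added example, not code from SHI or SentinelOne; the resource policy, the health signals, and the users are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed sample of the signals a zero trust policy engine receives from
# an identity provider and an endpoint agent; every value here is made up.
@dataclass
class AccessRequest:
    user: str
    resource: str
    mfa_verified: bool
    device_compliant: bool   # e.g. disk encrypted, patched, EDR agent running
    edr_alert_open: bool     # endpoint currently flagged as compromised
    groups: tuple = ()       # legacy group memberships, deliberately not consulted

@dataclass
class Grant:
    resource: str
    expires_at: datetime

# Explicit per-resource allow list replaces trust inherited from group membership.
POLICY = {"file-server": {"alice", "bob"}, "domain-controller": {"alice"}}

def evaluate(req, now, ttl=timedelta(minutes=15)):
    """Evaluate one request: no default access, health checked in real time,
    and an allow yields only a short-lived grant."""
    if req.edr_alert_open:                 # "assume a breach": stop it early
        return "deny", "endpoint flagged as compromised", None
    if not req.device_compliant:
        return "deny", "device health check failed", None
    if not req.mfa_verified:               # "never trust, always verify"
        return "deny", "identity not verified", None
    if req.user not in POLICY.get(req.resource, set()):
        return "deny", "no policy grants this user the resource", None
    return "allow", "verified", Grant(req.resource, now + ttl)

def grant_valid(grant, now):
    """Continuous verification: once the window closes, evaluate() must run again."""
    return grant is not None and now < grant.expires_at

def run_scenarios():
    """Decisions for a compromised-but-privileged endpoint and a healthy one."""
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    compromised = AccessRequest("alice", "domain-controller", True, True, True,
                                groups=("Domain Admins",))
    healthy = AccessRequest("bob", "file-server", True, True, False)
    lateral = AccessRequest("bob", "domain-controller", True, True, False)
    d1 = evaluate(compromised, t0)[0]          # "deny" despite the admin group
    d2, _, grant = evaluate(healthy, t0)       # "allow" with a 15-minute grant
    d3 = evaluate(lateral, t0)[0]              # "deny": the pivot is blocked
    still_valid = grant_valid(grant, t0 + timedelta(minutes=14))
    expired = grant_valid(grant, t0 + timedelta(minutes=16))
    return d1, d2, d3, still_valid, expired    # ("deny", "allow", "deny", True, False)
```

The compromised endpoint is denied before its group memberships are ever consulted, and the healthy user's grant lapses after the window, which is what forces the re-verification Milad describes.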
How will you tell your zero trust story?
In a hybrid everything world where distributed workforces span across states, countries, and continents, zero trust helps ensure your workers, devices, and data are safe. The zero trust methodology includes:
- A “never trust, always verify” philosophy
- Real-time verification and authentication of your organization’s trust relationships with users and devices
- Automated threat response via XDR
- A seamless user experience across cloud, SaaS, and on-prem applications
- Data, application, and network segmentation
- And much more
SHI and SentinelOne have the industry-leading resources and solutions you need to build a robust zero trust strategy. We help meet the needs of your organization with a zero trust solution that scales as you grow while securing your users and data against ransomware and modern threat actors.
Ready to build your own zero trust strategy with SHI and SentinelOne? Contact our cybersecurity experts today.