Have you ever wondered why some coffee machines need access to your Wi-Fi network? In the world of Zero Trust Network Architecture, even your innocent coffee machine is under suspicion!
Zero Trust Network Architecture is a security approach that operates on the principle of “never trust, always verify.” In the same way you wouldn’t let an unescorted visitor roam your office space, your network should also be skeptical of anyone or anything trying to connect.
Typically in networking, once a device has connected to your network it is deemed trusted and given access based on the source network it belongs to. Security measures such as access-port security exist, but they are a single layer of defence against malicious actors. What happens when the MAC address of your office coffee machine is spoofed and a non-approved device now has freedom of lateral movement on your network? We would hope that network sits behind a firewall. If it does not, we are back to “never trust, always verify”: every user, device, or application attempting to access network resources must continually authenticate and prove its trustworthiness.
When a device wants to connect to your network it has to prove it is permitted. This can be done through MAC address security, but a MAC address can easily be spoofed. User accounts, time-based access and certificates can be layered on top to bolster your security.
Once inside, devices only get access to what they absolutely need. Your coffee machine likely only needs access to the vendor over HTTPS for stock management. It certainly does not need access to other areas of your network.
Instead of a one-time access grant, Zero Trust continuously monitors users, devices, and traffic. This means that trust must be earned repeatedly and is not assumed based on past authentication.
Network resources are divided into smaller, isolated segments, limiting lateral movement for attackers in case of a breach.
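To make the four points above concrete, here is a small policy engine written for this post as an added illustration (it is not code from JGC IT Services or any product). It treats the MAC address only as a lookup key, requires a client-certificate fingerprint to prove identity, grants each device a least-privilege destination list that doubles as its network segment, and lets trust expire so it must be re-earned. All device records, fingerprints and host names are constructed sample data.

```python
"""Toy zero-trust policy engine: identity must be proven, access is
least-privilege, and trust is time-limited.  Constructed sample data only."""
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple

Dest = Tuple[str, int]  # (host, port)


@dataclass
class DevicePolicy:
    cert_fingerprint: str      # identity proven via client certificate, not MAC
    allowed: Set[Dest]         # least-privilege allow-list (its "segment")
    reverify_after: float      # seconds before trust expires and must be re-earned
    last_verified: float = -1  # time of last successful identity check (-1 = never)


# Constructed inventory: the coffee machine may only reach its vendor over HTTPS.
INVENTORY: Dict[str, DevicePolicy] = {
    "aa:bb:cc:00:00:01": DevicePolicy(
        cert_fingerprint="sha256:CAFE0001",          # placeholder fingerprint
        allowed={("stock.vendor.example", 443)},
        reverify_after=300,
    ),
}


def verify_identity(mac: str, fingerprint: Optional[str], now: float) -> Tuple[bool, str]:
    """Establish trust for a device at time `now`; a matching MAC alone is not enough."""
    policy = INVENTORY.get(mac)
    if policy is None:
        return False, "unknown device"
    if fingerprint != policy.cert_fingerprint:
        return False, "certificate does not match: a MAC address proves nothing"
    policy.last_verified = now
    return True, "identity verified"


def authorize(mac: str, dest: Dest, now: float) -> Tuple[bool, str]:
    """Decide one connection attempt: trust must be fresh and the destination allowed."""
    policy = INVENTORY.get(mac)
    if policy is None:
        return False, "unknown device"
    # Trust is not assumed from a past login; it expires and must be re-verified.
    if policy.last_verified < 0 or now - policy.last_verified > policy.reverify_after:
        return False, "not verified or trust expired; re-verification required"
    # Least privilege: anything outside the allow-list is lateral movement, deny it.
    if dest not in policy.allowed:
        return False, "%s:%d is outside this device's least-privilege scope" % dest
    return True, "allowed"
```

Run through in order: a request before verification is refused, a wrong fingerprint is refused even with the right MAC, the vendor over 443 is allowed, a file server on 445 is refused, and after 300 seconds the vendor is refused again until the device re-proves itself.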
Ensure that all data in transit is encrypted, protecting it from interception and tampering. This extends to the strength and key length of the ciphers used to encrypt and decrypt the traffic, for example using AES rather than DES.
These practices also extend to us. There is physical security to consider: the friendly person who holds the door open for a tailgater, the colleague who gives their domain password to someone claiming to be from IT, or the more recent trend of a caller asking the Service Desk to reset an account password, with no question asked and no proof of who the caller is.
Continuous employee engagement and training on security best practices are key to enforcing zero trust on your network.
At JGC IT Services, we would be happy to help and assess where you are in your zero trust journey, even if this is the very start. There are some easy, cost-effective changes that can be made to massively improve your security posture.