Zero Trust Security

7 Simple Steps to Make Zero Trust Security Easy

We want to share 7 simple steps to make Zero Trust Security easy to adopt and integrate into your small and medium-sized business (SMB).

John Kindervag, a former Forrester analyst, introduced Zero Trust in 2010. The concept has gained wide acclaim and approval as a trusted framework for cybersecurity, especially in the last few years. The National Institute of Standards and Technology (NIST) explains it in simple terms as a “Never trust, always verify” approach.

NIST published their Zero Trust Architecture in August of 2020. You can download their documentation and information here.

Implementing Zero Trust Security within your business can help guard against data breaches, downtime, productivity loss, customer churn and reputation damage.  Over 70% of businesses planned for the deployment of Zero Trust in 2020 and it is even more critical for SMBs in an era where workforces and networks are becoming heavily distributed.(1)

Three Myths of Zero Trust Security

Myth #1: Zero Trust Security is only for enterprise

While it’s true that enterprises prioritize protection of their data and networks by deploying the best solutions and approaches, SMBs must also protect sensitive data and networks by taking adequate measures to minimize internal and external vulnerabilities. With Microsoft 365 Business Premium, SMBs can implement Zero Trust quite easily with minimal cost.

Myth #2: Zero Trust Security is too complex

By simply applying Zero Trust concepts for your business, you will realize it isn’t as complex as you thought. Just follow the 7 simple steps in this blog.

Myth #3: The cost of implementing Zero Trust is too high

I love this one.  Start with your core business applications and data sets first along with Microsoft 365 Business Premium for SMBs.  The biggest change for small businesses is to adapt to key security concepts.

Four Statistics that you should consider

These key statistics should convince you of the seriousness of today’s cyberthreat landscape as well as the need for a Zero Trust approach:

  • Human error causes close to 25% of data breaches.(2) – It doesn’t matter if a user is internal or external.
  • Experts predict that ransomware attacks will occur every 11 seconds in 2021.(3) – This gives you no time to be complacent.
  • Over 40% of employees are expected to work from home post pandemic.(4) – More employees are operating outside the corporate perimeter.
  • Phishing attacks have increased by over 60% since the pandemic started.(5) – Cybersecurity policies must be dynamic and adapt to address additional concerns.

Implementing Zero Trust Security does not mean throwing away your existing security tools and technology solutions. In fact, according to NIST, Zero Trust Security must incorporate existing security tools and technologies more systematically.


Build an effective Zero Trust Model

Use the following simple steps to build an effective Zero Trust model that encompasses governance policies, like giving users only the access needed to complete their tasks:

#1 – Multifactor Authentication

Implement multifactor authentication (MFA) for your users. Microsoft 365 Business Premium includes this feature and also allows additional applications to be integrated into the tenant through single sign-on with MFA. The best part: no increase in cost.

#2 – Identity and Access Management

This topic is nothing new. More than likely you have a level of access management in place today. However, do you control who accesses critical resources (subjects) based on identity and assigned attributes? Only allowing the access necessary to complete tasks is essential.

Resource access and permission policies vary based on the sensitivity of the resource/data.  The method should follow the least privilege principle.

#3 – Risk Management

First of all, you need to know the value of your business assets. Based on that, and with the help of a partner or an internal evaluation, determine the risks to your environment.

#4 – Analytics

From an analytics point of view, you need to know your organizational behavioral attributes. Then, based on the attributes of your organization, assign access to a subject, data asset, or application following the least privilege principle.

#5 – Encryption

Critical or sensitive data needs to be encrypted, not only on end-user devices but wherever the data is stored and while it is in transit.

#6 – Scoring

A trust algorithm (TA) is the process used by a policy engine to ultimately grant or deny access to a resource.  A score-based TA computes a confidence level based on values for every data source and configured weights.  A score greater than the configured threshold value allows access to be granted or action to be performed.
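A sketch of the score-based trust algorithm described in step #6, added here as an example and not taken from NIST or from any product. The signal names, weights and per-sensitivity thresholds are constructed assumptions; missing signals and unlabeled resources are treated as untrusted.

```python
from typing import NamedTuple, Optional

# Constructed signal names, weights and thresholds: assumptions for this
# example, not values from the article or from NIST.
WEIGHTS = {"mfa_passed": 35, "device_compliant": 30,
           "known_location": 15, "behavior_normal": 20}  # sums to 100
THRESHOLDS = {"public": 30, "internal": 60, "confidential": 85}


class Decision(NamedTuple):
    granted: bool
    score: float
    threshold: Optional[float]


def confidence(signals: dict) -> float:
    """Weighted confidence level (0-100); each signal is a value in [0, 1]."""
    score = 0.0
    for name, weight in WEIGHTS.items():
        value = signals.get(name, 0.0)  # a missing data source earns no trust
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"{name} must be in [0, 1], got {value!r}")
        score += weight * value
    return score  # signals not listed in WEIGHTS are ignored


def decide(signals: dict, sensitivity: str) -> Decision:
    """Grant only when the score is strictly greater than the threshold."""
    threshold = THRESHOLDS.get(sensitivity)
    if threshold is None:  # resource without a sensitivity label: deny
        return Decision(False, 0.0, None)
    score = confidence(signals)
    return Decision(score > threshold, score, threshold)


if __name__ == "__main__":
    # Constructed request: MFA passed, managed device, unfamiliar location,
    # partially unusual behavior.
    remote_user = {"mfa_passed": 1.0, "device_compliant": 1.0,
                   "known_location": 0.0, "behavior_normal": 0.5}
    for level in THRESHOLDS:
        print(level, decide(remote_user, level))
```

The same request is granted for an internal resource and denied for a confidential one, which is how resource sensitivity feeds into the threshold.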

#7 – File-systems permissions

Make sure your file-system permissions are set to only allow access to those who need them based on data sensitivity.

Final Thoughts on Zero Trust Security

We hope the above steps provide helpful guidance to get started.  If you need further assistance, reach out to a trusted MSP partner who can make this process easier and more successful.  Contact us now to get started.


Article curated and used by permission.

Sources:

  1. Solutionsreview.com
  2. IBM 2020 Cost of Data Breach Report
  3. JD SUPRA Knowledge Center
  4. Gartner Report
  5. Security Magazine Verizon Data Breach Digest