What is Zero Trust?
Zero Trust is the concept that no person, device, object, or connection should be trusted until it is proven that it should be.
However, in practical terms it is far more than that. Zero Trust should challenge the accepted approach to cyber security in order to cater for modern technologies and a rapidly changing threat landscape.
This involves preparing your cyber security program for these key issues:
- Your users and devices could be connecting anywhere, anytime.
- Data is often legitimately leaving the perimeter.
- Third parties (SaaS apps, contractors, partners) need to receive, store, and share sensitive data.
- An attacker could already be inside your perimeter.
Why should you be thinking about Zero Trust?
Today, companies are using modern platforms and technologies to drive productivity through greater flexibility and agility. With this comes increased cyber risk. Modern users, workplaces and technology need up-to-date cyber security frameworks for protection.
With ever more remote workers, their devices and data are no longer within the workplace’s perimeter. Remote workers are now everywhere, increasing the exposure of their organisations, while a lack of control and visibility hampers oversight.
We’ve also witnessed a strong increase in the technical capabilities of an organisation’s workforce. End users are now younger, more tech savvy and capable of signing up for their own SaaS apps and services and storing organisational data there, often with no thought for the cyber security implications.
The old way of placing trust inside internal networks leaves an organisation exposed once an asset is compromised.
Organisations want to use modern technologies (Cloud, SaaS, productivity), but their cyber security program often isn’t ready for it.
A modern cyber framework allows cyber security to be a business enabler – joining organisations on their tech transformation journey and improving reputation (and cyber security outcomes as a result!).
What is Sekuro's Zero Trust Strategy?
Sekuro strongly believes that Zero Trust is a concept that needs to be considered across an organisation’s technology and people landscape. From that conviction, Sekuro has developed its own Zero Trust Strategy, which focuses on 8 key pillars for an exhaustive look at your organisation’s entire cyber security posture.
What are the 8 Pillars of Sekuro's Zero Trust Strategy?
- Create culture and awareness that embraces Zero Trust across the entire organisation, ensuring your people are resilient to cyber threats.
- Multi-step authentication and verification of users on an on-going basis with automated, continuous provisioning and deprovisioning.
- Protection of devices no matter location, operating system, or user.
- Segment and isolate networks to help protect data in transit or at rest.
- Protecting key infrastructure from data exfiltration, misconfiguration, unauthorised access and modification.
- Catalogue, risk assess, restrict access to and protect applications and APIs.
- End-to-end protection of data covering classification, labelling, restricted access, DLP and encryption.
- Real-time observation across all pillars to understand interactions, anomalies and threat visibility.
Is my organisation ready for Zero Trust?
Sekuro understands that not every organisation has the capability or need to aim for highly strict cyber security controls in their environment, and therefore we have developed three maturity levels to allow all organisations to align with a Zero Trust target state that can be tailored to their needs.
Level 1 – Maturing:
The organisation has the fundamental capabilities/technology in the respective pillar to set the baselines for a Zero Trust environment but requires additional effort to realise the value of their technologies and gain additional protection.
Level 2 – Pragmatic:
The organisation has implemented pragmatic Zero Trust cyber security controls in the respective pillar; prioritising controls that give strong protection while balancing costs/effort/resourcing requirements and focusing on reduction of high risks.
Level 3 – Advanced:
The organisation has implemented advanced Zero Trust cyber security controls in the respective pillar with a strong focus on protection, monitoring, automation, orchestration and reduction of all levels of risk.
Key benefits of the Sekuro Zero Trust Strategy:
Sekuro’s Zero Trust Strategy recommendations are clear and actionable. We set realistic goals that are achievable and explain clearly what needs to be done. While exhaustive, the report is pragmatic and easy to understand without skimping on the technical details.
We use customisable target levels from 1 to 3 across each pillar. Organisations with less resourcing can still gain huge benefit by targeting level 1 or 2, with highly equipped organisations aiming for level 2 or 3. This makes it applicable to all organisations, regardless of whether they are of high cyber security maturity, still on their journey or just starting out.
Sekuro’s Zero Trust Strategy also addresses many areas that aren’t contained within popular frameworks. Organisations that either aren’t ready for other frameworks or already meet them can still gain a significant amount of value.
Sekuro’s Zero Trust Strategy also has multiple overlaps, allowing your organisation to further your alignment to frameworks like ISO 27001 and the ACSC Essential Eight.
Our strategy allows your organisation to embrace modern technology trends (Cloud, SaaS, Productivity), allowing your business to thrive whilst appropriately managing risk.
Ready to start your own journey towards Zero Trust?
Sekuro’s Zero Trust Strategy has been created by our clever folks to focus on the areas that give the greatest cyber security benefits whilst being pragmatic and realistically achievable for all organisations. It was created by cyber security professionals with years of hands-on experience in cyber security engineering, architecture and executive leadership across both private and government sectors globally.
Sekuro’s Zero Trust Strategy is a comprehensive, pragmatic, technical cyber security review consisting of interviews and an assessment of your organisation against 140+ security controls, which takes approximately two weeks to complete.
Read about how CBHS brought their Zero Trust Strategy to life with Sekuro.
Speak to us today about how we can help your organisation on its Zero Trust journey and further modernise your cyber security program using our Zero Trust Strategy.