Behind the buzzword: Four ways to assess your zero trust security posture


In this exclusive opinion piece, Hank Schless, Senior Manager – Security Solutions, Lookout has penned on how to assess zero trust security posture

With just about everything delivered from the cloud these days, employees can now collaborate and access what they need from anywhere and on any device. While this newfound flexibility has changed the way we think about productivity, it has also created new cybersecurity challenges for organizations.

Historically, enterprise data was stored inside data centers and guarded by perimeter-based security tools. But with users using endpoints and networks your IT teams don’t manage, this approach has become antiquated.

To combat this new reality, organizations have turned to tactics such as relying on device management and antivirus software, as well as single sign-on and multi-factor authentication. Some vendors have even begun to claim these measures as a form of Zero Trust, a popular idea where organizations should not trust any entity and provide access to its applications and data until its risk levels are verified.

Four key “just because” of Zero Trust ‍

And while most of us understand Zero Trust conceptually, the path to Zero Trust is a complex and constantly evolving journey, there is no silver bullet to achieve Zero Trust, but there are ways for us to visualize and apply it to day-to-day IT and security operations.

So let’s cut through all the marketing noise and discuss what is and isn’t Zero Trust.

  1. Just because a device is managed doesn’t mean it can be trusted‍

Often organizations default to managing devices to secure their endpoints. The idea is that if you have control over your employees’ endpoints, they are secure. But it’s not enough. While device management tools can push updates to operating systems and apps, they don’t grant any real-time visibility into the risk levels of the endpoint. Zero Trust only works when you have a continuous understanding of an endpoint so you can make decisions about its access.

  1. Just because a device has antivirus doesn’t mean it’s free of threats‍

Malware is just one of the many ways a threat actor can compromise your organization. In fact, to skirt detection, attacks often use more sophisticated tactics like creating backdoors into infrastructure via internet-facing remote access systems such as remote desktop protocol (RDP) or virtual private network (VPN). They can also leverage vulnerabilities in operating systems or applications to gain additional access to an endpoint.

  1. Just because someone has the correct ID and password doesn’t mean they’re the user in question‍

Another way for an attacker to compromise an endpoint or an account is by using social engineering tactics. There are now countless channels to deliver phishing attacks to an endpoint, such as SMS and third-party messaging, email, social media platforms, even dating and gaming apps. With users having easy access to various enterprise apps such as Microsoft Office 365, Slack and SAP SuccessFactors, any of these accounts can be compromised.

This is where you need an integrated solution that can detect the context around a user’s behaviour. With integrated Data Loss Prevention (DLP) and User and Entity Behaviour Analytics (UEBA), security teams can understand the types of data a user seeks to access and whether it aligns with what they need access to and whether it’s normal behaviour. Without these, you can’t tell whether a user is who they say they are and enforce Zero Trust.

  1. Just because we know them doesn’t mean they aren’t a risk to your organization‍

Even when you have figured out that a device or endpoint is legitimate, doesn’t mean they aren’t a threat to your organization. Threats can come from internal users, whether intentional or unintentional.      In addition to malicious insider threats, any of us could easily share content to unauthorized users accidentally.

The takeaway is that cloud interconnectivity has amplified user errors and compromised accounts threats, because data can now move at lightning speed. This is why DLP and UEBA are essential to a solution, just as it can figure out whether an account is compromised, it can also stop insider threats and data leakage by legitimate employees.

‍Get your fundamentals right: deploy an integrated Zero Trust solution‍

The above “just because” are some of the most common misconceptions about Zero Trust, a concept that should be at the core of every organization’s security posture. By no means is my list comprehensive, but it should get you in the right mindset when it comes to vetting vendors that claim to offer a single tool that can solve challenges related to a remote-first environment.

In reality, no one can solve every piece of the Zero Trust journey which is why you should consider a solution that integrates endpoint security with Secure Access Service Edge (SASE) technologies to ensure that your sensitive data stays secure without hindering the productivity of your work-from-anywhere users.

Leave a reply