2019 was on track to be the worst year yet for cybercrime, according to analyst group Risk Based Security. Attacks have not only been increasing in frequency but in cost to businesses as well. With some cybercrime impacts estimated in the millions of dollars, organizations are spending ever-more resources on tools, people and procedures for cybersecurity. In fact, according to Cybersecurity Ventures, global cybersecurity spending is expected to exceed one TRILLION dollars by 2021. (That’s 12 zeros, and that’s insane.)
One such cybersecurity strategy businesses are using is the Zero-Trust model. What is it, and how can you use it to your advantage? We explain below.
The Zero Trust model was originally developed by Forrester Research and can be explained by the simple motto of “Never trust, always verify.” Essentially, it requires verification regardless of whether an attempt to connect to an organization’s system or data came from inside or outside the corporate network. When networks are boxed in like this, it can make it difficult for malware to spread inside a network, or in some cases, even prevent it.
How can you develop a zero-trust model? The more layers of security you bake into your overall strategy, the closer you are to a zero-trust model. Layers include:
Think of this as your contractual requirements and staff training as well as documented policies, procedures, and independent audit reports to lower your organization’s risk. This is especially important if you have compliance standards to meet, such as HIPAA. This dedication to process, or administrative security, should include the following:
Documented policies and procedures are only effective if employees are regularly made aware of their existence and trained on them. The mishandling and misuse of sensitive data can potentially lead to a data breach. Check the last dates of employee training, and don’t be afraid to ask about hiring policies to ensure your data is in safe hands.
What technical tools are you using to protect your infrastructure, and are you using tools in every layer of the stack? While having too many disparate tools spread across the business can actually cause security issues, you want to ensure you and/or your provider take a defense-in-depth approach to protecting your infrastructure. Consider tools such as Web Application Firewall (WAF), File Integrity Monitoring (FIM) and Vulnerability Scanning that can be employed at the application, network and hypervisor levels.
Physical safeguards: Just like a bank has locked doors and a safe for its valuables, so should the physical location where your data rests. Whether that’s your own data center or that of a third party, physical security is a must that shouldn’t be taken for granted. What kinds of access rights are granted to visitors? Do you have logs that detail names and purpose for visiting? Security cameras around your racks and cages?
With the rise in cybercrime unlikely to stop anytime soon, the Zero Trust security model is one that more businesses are beginning to embrace and can help fight against malware such as ransomware. When you take a defense-in-depth approach to security and bake it into as many layers of your infrastructure as possible, regularly review your documented security policies and procedures and ensure employees are properly trained on those procedures, you will take great steps as an organization to secure your data against malicious attacks.
Looking for a cloud provider that takes security as seriously as you do? Otava bakes security into its people, processes, and technology, and its 12 locations worldwide are audited independently against physical, administrative and technological safeguards every year to ensure sensitive data is always secure and protected. Contact us to see how we can help secure your data.