The rules for corporate cyber security have evolved over the years, as new attacks pose greater threats to the networks and infrastructures companies work so hard to protect. The traditional model centered on a “castle and moat” philosophy, with an assumption that anyone inside a network was not a threat, but those outside certainly could be. Unfortunately, even trusted users inside can become a threat if compromised.
Zero-Trust Changes the Rules
The more effective modern framework doesn’t put the perimeter at the focus of the discussion. In zero-trust security, users are granted access not based on their location (such as at the office or at home), but rather based on their role and identity, and authentication occurs on a continual basis, rather than just at the network perimeter. Zero trust restricts unnecessary lateral movement between service, systems and applications, with the thinking that any user’s identity could be compromised. By limiting who has privileged access to data assets reduces the threats from bad actors.
According to a Gartner study, zero-trust network access is the fastest-growing segment in network security, and it is expected to grow 31 percent in 2023, up from 10 percent in 2021. The group says 70 percent of new remote access deployments for corporate environments in 2025 will have transitioned to zero-trust from virtual private networks (VPNs). VPNs were found to be less secure by IT professionals, more easily breached, and less efficient with network bandwidth.
Zero-Trust Security Best Practices
Zero-trust security is designed (to a great extent) to prevent malicious activity in the network. Network managers can rely on a few best practices as they build out their zero-trust protocol:
Deploy Micro-Segmentation
A zero-trust framework most commonly relies on micro-segmentation to enable the IT organization to wall off network resources in specific zones. Doing so helps contain potential threats within the silos and prevents them from spreading laterally throughout the network infrastructure. Micro-segmentation allows administrators to apply granular role-based access policies, particularly those that content the most sensitive systems.
Limit Long-term Access
As hackers and other bad actors easily adapt to the nuances of a digital ecosystem, it is important to ensure that user access is limited with a permissions and validations based on each individual request, rather than allowing long-term access to a network and its resources.
The rules for corporate cyber security have evolved over the years, as new attacks pose greater threats to the networks and infrastructures companies work so hard to protect. The traditional model centered on a “castle and moat” philosophy, with an assumption that anyone inside a network was not a threat, but those outside certainly could be. Unfortunately, even trusted users inside can become a threat if compromised.