insights

Zero Trust

The notion of a secure network perimeter no longer applies.

With the rapid onset of digital transformation, the way business interacts and connects through the internet has exploded. Whether it is through cloud computing, Internet of Things (IoT) or increased home working, the attack surface has grown exponentially.

Reliance on ring-fencing the company network and defending the perimeter is no longer suitable at this time or how businesses work. Assuming that everything inside the network can be trusted leads to major crisis incidents.  In addition, the way we share information with our employees, our customers, and third-party suppliers means that the stand-alone data centre that contains all of our information is no longer the most efficient way of operating. Now the norm is a hybrid system with cloud-based applications working alongside on-premise data centres, and these systems and data being accessed from all over the world.

The concept of Zero Trust implies that trust cannot be implicitly granted to users or services based solely on their ownership or physical or network location.

Based on the work by John Kindervag in 2010, the concept of Zero Trust focuses on users, assets and resources.  Briefly, there are three main points:

This has developed over the years to include the assumption that if you are connected, then you will be breached.

The goal of Zero Trust is to prevent unauthorised access to data and services.  It achieves this by making the process of access control as granular as possible.  This increases the difficulty of not being detected during “lateral movement” of hackers once they have infiltrated the perimeter boundary.

In order to move towards a “Zero Trust Architecture”, there are some fundamental issues to consider in your organisation. Due to the nature of this paradigm, business functions and the IT function will require greater collaboration in defining the policies and behaviours of the normal day-to-day workflow:

  • Definition and location of critical assets and how are they accessed
  • Identity and Access Management to ensure access is not compromised
  • Third Party Risk Assessment and greater understanding into your entire risk environment
  • End device management including configuration and control
  • Security Information and Event Management tools and the use of AI to automate the majority of the monitoring function

At Tannhauser, our Assess and Enhance functions are the perfect solution for those that wish to implement Zero Trust Architecture.

In Assess we review your existing cyber security services and its alignment with your business risk. We also consider:

  • Governance review for support of function and long-term objectives
  • Do policies define access to critical data?
  • Risk assessment and assurance services
  • Zero Trust maturity
  • Does the Zero Trust strategy align well with the organisation that delivers this policy?

Based on the results of the Assess phase, Tannhauser will build and Enhance your cyber security operations around the Zero Trust paradigm:

  • Segmentation of networks
  • Improved dynamic analysis of your network traffic to improve response to abnormal events
  • Greater collaboration between operational and IT teams
  • Understand how your data and systems should be accessed appropriately

To understand what Zero Trust means for you and your business, we are on hand to help address any questions and how this applies to your business.

Contact our team to talk further

Thank you!
Your submission has been received!
Oops! Something went wrong while submitting the form.

Download this Insight

Enter your details

Or just download the pdf here
Thank you!
Your submission has been received.
Download
click here
Oops! Something went wrong while submitting the form.

more insights