• Email Us: [email protected]
  • Contact Us: +1 718 874 1545
  • Skip to main content
  • Skip to primary sidebar

Medical Market Report

  • Home
  • All Reports
  • About Us
  • Contact Us

The only one way to tackle ransomware: Zero Trust

September 2, 2021 by David Barret Leave a Comment

Following a major ransomware attack that hit a key US pipeline this year, President Biden mandated government bodies to adopt technologies around Zero Trust network access (ZTNA). Other governments are now expected to move more quickly towards adopting ZTNA, and those enterprises competing for government contracts will be expected to adopt Zero Trust to secure both their and their government customers' networks.

About the author

Tony Scott is a ColorTokens board member and former federal CIO of the US government.

But whether involved in the public sector or not, all organizations should look to ZTNA as a way of tackling and mitigating the danger posed by ransomware and other evolving threats. When it comes to cybersecurity, companies and governments have too long delayed the systemic overhauls necessary to defend against increasingly sophisticated and common attacks.

Cyberattacks like the Colonial Pipeline ransomware attack this year and the SolarWinds hack at the end of last year have not only wreaked havoc on individual companies' reputations, operations and revenue, but have also disrupted society at large by disabling infrastructure.

The threat is constant. Kaseya, which operates in the same field as SolarWinds, in delivering management software and security to service providers, just recovered from its own supply chain” ransomware attack. The attack crippled customer systems across Europe, parts of Asia and North America for well over a week. After that incident, also in July 2021, UK rail company Northern Rail was the victim of a ransomware attack that hit its brand-new ticketing systems.

An order

As a response to the growing threat landscape in the US and beyond, this May, President Joe Biden signed an Executive Order on Improving the Nation’s Cybersecurity, that promises “bold investments” to modernize the federal government’s cybersecurity efforts.

In a recent memo, the White House also urged the private sector to focus more resources on cybersecurity and recommended that companies segment their networks, which is the first step in a Zero Trust security implementation. In brief, a Zero Trust security model and Zero Trust network access (ZTNA) treat all users and traffic as untrusted, requiring strict identity verification for every user, device, and process before granting any permissions. ZTNA grants the least access possible for legitimate users to do their jobs.

In the report, “What Are Practical Projects for Implementing Zero Trust?” (published March 2021), Gartner recommends organizations implement Zero Trust by focusing on two complementary projects: (1) Zero Trust network access and (2) identity-based segmentation. A Zero Trust approach acknowledges that the biggest threats to security can come from lateral movement within a network, and that threats have to be fought from the inside out as well as from the outside in.

It’s become increasingly obvious that traditional, reactive, perimeter-based security approaches don't have a fighting chance against today’s increasingly sophisticated cyberthreats.

What’s stopping companies from using Zero Trust?

A number of challenges, psychological or material, can hold organizations back from committing to Zero Trust security. The biggest worry is fear of the unknown: “What am I going to break by changing over my current cybersecurity posture to a totally new process?”

A second common barrier is a misapprehension that moving to a Zero Trust architecture will create workload overload for the team. Other barriers to implementing Zero Trust solutions include a lack of skills, time, budget, or managerial commitment.

However, as companies realize just how much of their revenues and reputations are at stake, it becomes clear that the investment in Zero Trust architecture far outweighs the implementation challenges. What's more, the modern, cloud-based security technology of today helps make Zero Trust a reality for businesses without so much heavy lifting, regardless of the size of their networks or existing security tools.

Companies should look at Zero Trust implementation as a journey broken into three parts:

1. Start with micro-segmentation

Segmenting networks is one of the first things companies should do to protect themselves against cyberthreats. Micro-segmentation is the practice of dividing networks into different segments with complete control of the traffic going through and between network segments. The goal of micro-segmentation is to prevent threats from spreading laterally throughout an organization.

For the most effective micro-segmentation approach, businesses should begin with a full-picture view of all networks within the organization. You must have visibility into the network, application, workload, and process level, as well as visibility into multi-cloud or on-premise data centers where assets are distributed across geographies.

Today’s advanced security technologies help businesses achieve this level of visibility in just minutes, and with that 360-degree view businesses can begin to divide networks into logical segments in line with the infrastructure of the business.

2. Build the Zero Trust muscle

Anything worth doing requires learning, practice, and refinement, and Zero Trust is no exception. Adopting Zero Trust doesn’t mean installing new software and calling your work done. It represents an entirely new security strategy and thus significant change to your processes, so it’s important to build the muscle as you go.

Security technology that enables software-defined micro-segmentation can help businesses build this muscle quickly. While segmentation is not a new approach to security, as businesses have transitioned to the cloud and employees have become mobile, VLAN/ACLs (access control lists) and internal firewalls no longer provide effective protection.

Fortunately, next-generation technologies enable software-defined frameworks that allow for segmentation beyond on-premise environments and into hybrid, multi-cloud ones. This means that regardless of whether a company’s workloads are stored in a data center or in the cloud, organizations can implement and scale Zero Trust security in their already-established infrastructures with ease.

Eventually, all access requests should be verified according to defined security policies before authorization, but you have to build the muscle. Considering the complexity of enterprise networks, implementation of Zero Trust can be simplified by deploying solutions that allow context-based, dynamic policy enforcement across data center and hybrid cloud environments.

You can start with a small, manageable patch of territory and practice learning these tools before rolling them out to the entire organization. A policy engine can make recommendations for you and allow you to test policies in simulation mode, reducing uncertainty and apprehension.

Depending on your industry, you might focus first on improving compliance with healthcare regulations such as HIPAA or data privacy laws such as the EU’s General Data Protection Regulation (GDPR). Find the most compelling or critical use cases, and then use what you learn to grow from there.

Once they build the muscle, I’ve found that many businesses can move quickly in scaling Zero Trust implementation, especially with today's cloud-delivered platforms. In my experience, it's not likely that you'll get it right instantly. But you will get better quickly as you go.

3. Overcome the organization's internal silos

Often in organizations you’ll have some people who are really adept in a certain domain — server or cloud administration, or end-user device administration — but don’t know that much about “brother and sister” domains. Really good implementations of Zero Trust help to break down some of those barriers and educate people across domains so they can work together to implement better security than before.

Every Zero Trust implementation I’ve seen has come with huge discoveries about the goings-on in the organization's security environment: network activity coming from the outside, no-longer-necessary internal interfaces that continue to run or misrouted activity putting a big burden on the network. Whatever the case, when organizations go through a Zero Trust journey, they gain new visibility into their environment — which often creates an “a-ha” moment.

Once you have embraced Zero Trust network access and a Zero Trust framework, you will be in a better position to isolate threats before they do real damage and recover much faster. Now, more than ever, it's important to take this proactive approach, rather than the traditional method of cleaning up messes after they happen.

  • We feature the best business VPN

source https://www.techradar.com/news/the-only-one-way-to-tackle-ransomware-zero-trust/

David Barret
David Barret

Related posts:

  1. “Our Mikis has gone”: ‘Zorba the Greek’ composer Theodorakis dies at 96
  2. WTO chief seeks fishing, pandemic accords by year end
  3. 5 Star Wars games we’d love to see on PC
  4. The best cheap PS4 bundles, deals and prices in September 2021

Filed Under: News

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

  • Look Alert: The Most Active Volcano In the Pacific Northwest Is Probably About To Blow, Maybe
  • Should We Be Using Microwaves?
  • What Is The Largest Deer On Earth?
  • World’s First CRISPR-Edited Spider Produces Glowing Red Silk From Its Spinneret
  • First Ever Image Of “Free Floating” Atoms, The Nocebo Effect Beats The Placebo Effect When It Comes To Pain, And Much More This Week
  • 165-Million-Year-Old Fossil Is New Species Of Ancient Parasite. Did It Come From A Dinosaur’s Butt?
  • It’s True: Time Really Does Move Slower When You’re Exercising
  • Salmon Make Some Of The Most Epic Migrations In Nature. Why Do They Bother?
  • The Catholic Apostolic Church In Albury Has Been Sealed “Until The Second Coming”
  • The Voynich Manuscript Appears To Follow Zipf’s Law. Could It Be A Real Language?
  • When Will All Life On Earth Die Out? Here’s What The Data Says
  • One Of The World’s Rarest And Most Endangered Mammals Is *Checks Notes* A Unicorn
  • Neanderthals Used World’s Oldest Wooden Spears To Hunt Horses 200,000 Years Ago
  • Striking Results Show Neanderthal Crafters Were Sharper Than We Thought
  • Pioneering Research Reveals How Darkness And Light Made The Parthenon Appear Divine
  • Peculiar Material Revealed To Have Hidden Quantum State That Can’t Be Flipped In A Mirror
  • Extremely Rare Belalanda Chameleon Found Living 5 Kilometers Outside Its Very Small Range
  • Frogs Are So Vulnerable, How Did They Survive When T. Rex Didn’t?
  • Florida Man Gets Too Close To Bison In Yellowstone, Promptly Finds Out Why This Is A Bad Idea
  • Is A Bone A Worthy Weapon When Fighting The Rancor? What About A T. Rex?
  • Business
  • Health
  • News
  • Science
  • Technology
  • +1 718 874 1545
  • +91 78878 22626
  • [email protected]
Office Address
Prudour Pvt. Ltd. 420 Lexington Avenue Suite 300 New York City, NY 10170.

Powered by Prudour Network

Copyrights © 2025 · Medical Market Report. All Rights Reserved.

Go to mobile version