The Bedel Security Blog

Learning Not to Trust

Written by Brian Petzold | Apr 9, 2021

Most of our IT infrastructures were built to trust. From the time users sign on in the morning until they log off at the end of the day, the network trusts them as well as the computers they are using. We assume that a user who successfully logs on is who they say they are, but we know that if an authenticated user’s computer is compromised during the day, attackers abuse this trust to steal information or install malware. This has led to a concept called “Zero Trust”, a phrase you have likely heard frequently in the past year.

Zero Trust means that systems should be inherently untrusting and should continuously reverify the identity of users and the integrity of the systems they use to access critical resources. While this sounds simple, it is not. Zero Trust is not just authentication; it extends to all aspects of a network.

If we do not trust anyone on our network, we need to stop relying on disk-level encryption and think more in terms of encrypting individual fields or records. We need to completely block any unknown system from communicating on our network. We need to look at user behavior and make users re-authenticate when suspicious activity is seen. And we need to do all of this and more regardless of whether users are in the office, at home, or at the local coffee shop.

While many vendors use the phrase Zero Trust to sell products today, there is no single product that you can purchase that will provide Zero Trust. Zero Trust is a strategy, not a product.

A Zero Trust strategy needs to be supported from the top down in an organization because it will take time, cost money, disrupt processes, and inconvenience users. Organizations need to make the decision that this effort is worth the result: a network that trusts nobody inherently and thus keeps criminals from accessing and destroying important or sensitive data.

If this topic interests you and you'd like to learn more, we're hosting a free webinar on Zero Trust on Friday, April 7, 2021, from 2:00-3:00pm ET. It will be targeted at helping non-technical management understand what trust exists in their networks today and at looking at how Zero Trust could change their risk footprint.

Visit https://www.bedelsecurity.com/zero-trust-webinar for more details!