Tag Archives: Zero trust

Set High Standards for Cybersecurity

SMB Technology, SMB Technology, SMB Technology, SMB Technology, Technology News,

As we know, October is Cybersecurity Awareness month. There is much to be aware of, including how to prepare for an attack, current threats, how well your data is protected, and who has access to it. Read on to learn how following rigorous compliance standards helps your cybersecurity efforts.

 

Rigorous Standards Aid Cybersecurity Efforts

 

Currently, new standards are being drawn up in the form of the Cybersecurity Maturity Model Certification, a Department of Defense program that applies to Defense Industrial Contractors and by extension to those businesses doing business with defense contractors. According to CISCO, the CMMC is designed as a unifying standard to ensure that contractors properly protect sensitive information. Three levels exist, with Level One containing seventeen practices to follow. Level 2 is more stringent, and Level Three is the highest. Domains within the model include Access Control, Identification and Authentication, Incident Response, Awareness and Training, among others. A few of these domains (like Identification and Authentication) could incorporate zero-trust, a paradigm gaining ground in the cybersecurity community. 

 

Considering Zero Trust as a Cybersecurity Model

 

“Trust, but verify” as the saying goes. However, in cybersecurity efforts it should be “Verify, then trust.” Zero-trust is the practice of identifying each request for access to the network, and authenticating or verifying the request as a prerequisite for access to systems. The zero-trust paradigm still is a work in progress, because it’s a different way of thinking about cybersecurity, one that includes all of the organization and influences workforce and workflow decisions. The Cybersecurity Maturity Model Certification has the idea of zero-trust built in, and even aligning your cybersecurity efforts with the practices of the first level should help considerably.

 

CMMC’s Role in Cybersecurity and  Compliance

 

Even if your business does not work directly with Department of Defense contractors, you have good reason to model your cybersecurity and compliance efforts on CMMC’s standards for data protection and compliance. First, CMMC can fit within your current infrastructure and help you comply with already-applicable regulations like PCI-DSS or HIPAA. Second, If your business does any work with government contractors, your compliance will eventually be required to comply at one of the three levels. Following CMMC can help you keep your system safe by only allowing authorized entities to access your network (“zero-trust”), and protecting your data. All of the CMMC domains pertain to aspects of cybersecurity, and could make your cybersecurity and compliance efforts easier. 

 

Cybersecurity, once an additional IT component, is continually becoming integral to a company’s way of doing business. To learn more about how we can help you with your cybersecurity and compliance efforts, contact your trusted technology advisor today.

Getting Started with Zero Trust

SMB Technology, SMB Technology, SMB Technology, SMB Technology, Technology News

Treating even employees like possible intruders may seem harsh. Yet, with so many devices connected to cloud services and the Internet, “zero trust” may be the best way to keep your company safe from cyber attacks, as it can verify each and every request for access and give workers the resources they need for their roles. Read on to learn more about how zero trust can keep your network secure while keeping you productive. 

 

The Need for Zero Trust

 

With innovations like cloud computing come issues involved in protecting digital assets (data, applications, and more). More devices connected to the cloud (via the Internet) and also to business networks, causes the attack surface to expand. No longer can businesses assume that the security perimeter exists within company boundaries. People can connect anywhere, anytime, with the surge in remote work during the last couple of years. “Zero trust” is a way of verifying each and every request for access, and is vital to protecting a company’s digital assets. With millions of dollars and weeks of time needed to heal a breach, zero trust can save your company money, time and even reputation. 

 

Principles of Zero Trust

 

According to the Cybersecurity Infrastructure Security Agency article, zero trust is “access to an information resource (data, applications, services) for a specified period of time, with the least possible privileges.” A primary principle of zero trust is verifying each and every access request. Questions asked involve the identity of the request, the health of the device the request comes from, and the role of the entity requesting access–so you know who’s trying to access your network.  Even legitimate actors are asked to go an extra step, providing a one-time code, for example. This multi-factor authentication is a good first step toward zero-trust. Even after verification, users may be allowed access only to certain parts of the network (least possible privilege), in order to carry out their duties. These multiple, granular verifications have the additional benefit of gathering intelligence about requests to the network, in order to detect anomalies and possible intrusions by malicious actors.

 

Zero trust, even with its suspicious connotation, may be what companies need in order to protect their networks against cyber attack. For help setting up zero trust for your organization, contact your trusted technology advisor today.