With almost everything available in the cloud, employees have access to all of their information from any location. While this newfound flexibility has changed the way we think about productivity, it has also created new cybersecurity challenges for organizations.
Historically, enterprise data was kept in data centers protected by perimeter-based security systems. But with users working from endpoints and networks your IT teams don’t manage, this approach has become antiquated.
To combat this new reality, organizations have turned to tactics such as device management and antivirus software, as well as single sign-on and multi-factor authentication. Some vendors have even begun to present these measures as a form of Zero Trust, a popular idea that organizations should not trust any entity, or grant it access to applications and data, until its risk level has been verified.
In this blog I’ll break down the differences between Zero Trust and True Trust.
Four key “just becauses” of Zero Trust
While most people understand the concepts behind Zero Trust, it is an intricate and ever-changing journey. There is no magic bullet for achieving Zero Trust. However, there are many ways to visualize it and apply it in day-to-day security and IT operations.
To figure this out, I recently invited Andrew Olpins, a solutions engineer at Lookout, onto our latest Endpoint Enigma podcast episode. After cutting through all of the marketing noise, we discussed how to get started with Zero Trust. Here are a few takeaways from our conversation:
1 — Just because a device is managed doesn’t mean it can be trusted
Organizations often default to device management as the way to secure their endpoints, on the assumption that employees are secure simply because their devices are managed. That is not enough. Although device management tools can push operating system and app updates, they provide no insight into the risk state of the endpoint. Zero Trust only works when you have a continuous understanding of an endpoint so you can make ongoing decisions about its access.
2 — Just because a device has antivirus doesn’t mean it’s free of threats
Malware is just one of the many ways a threat actor can compromise your organization. To avoid detection, attackers often employ more advanced tactics, such as creating backdoors into infrastructure through remote access systems like remote desktop protocol (RDP) or virtual private network (VPN) endpoints that are exposed directly to the internet. They can also leverage vulnerabilities in operating systems or applications to gain additional access to an endpoint.
3 — Just because someone has the correct ID and password doesn’t mean they’re the user in question
Another way for an attacker to compromise an endpoint or an account is through social engineering. An attacker can use a variety of channels to send phishing messages to a user, including SMS, third-party messaging apps, email and social media platforms. With users having easy access to a range of enterprise apps such as Microsoft Office 365, Slack and SAP SuccessFactors, any of these accounts can be compromised.
This is where you need an integrated solution that can evaluate the context around a user’s behavior. With integrated data loss prevention (DLP) and user and entity behavior analytics (UEBA), security teams can see what types of data a user is trying to access, whether that matches what they legitimately need, and whether the activity is normal for that user. These tools are essential to verify that a user is who they claim to be and to enforce Zero Trust.
4 — Just because we know them doesn’t mean they aren’t a risk to your organization
Even once you have established that a device or user is legitimate, that doesn’t mean they aren’t a threat to your organization. Internal users can pose a threat even when they are not malicious. I recently wrote about Pfizer intellectual property being stolen by an employee who went rogue. In addition to malicious insider threats, any of us could easily share content with unauthorized users by accident.
As Sundaram Lakshmanan, Lookout CTO of SASE Products, wrote in his 2022 Predictions blog, cloud interconnectivity has amplified the threats posed by user error and compromised accounts, because data can now move at lightning speed. DLP and UEBA can be used to identify compromised accounts and to prevent data theft by authorized employees.
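The four “just becauses” above describe one access-decision pattern: a managed device, an antivirus agent, a correct password plus MFA, and a known user are each prerequisites, not proof, and the request must still pass a live device-risk check and a behavioral (UEBA/DLP-style) check before it is allowed. The following is an added illustration of that pattern, written for this article; it is not Lookout’s product code. The signal names, thresholds, user baselines and sample requests are all constructed assumptions.

```python
"""Illustrative Zero Trust access decision (added example, not vendor code).

Every field of AccessContext, the BASELINES table and the thresholds are
constructed for this example; a real deployment would feed these from
endpoint telemetry, the identity provider and a UEBA/DLP engine.
"""
from dataclasses import dataclass


@dataclass
class AccessContext:
    user: str
    device_managed: bool    # enrolled in device management
    av_installed: bool      # endpoint protection agent present
    mfa_passed: bool        # this session satisfied MFA
    device_risk: float      # 0.0 (clean) .. 1.0 (compromised), from live telemetry
    data_category: str      # category of data requested, e.g. "hr", "finance"
    download_mb: float      # volume requested in this session


# Constructed per-user baselines that a UEBA-style system would learn over time.
BASELINES = {
    "alice": {"categories": {"hr"}, "typical_download_mb": 20.0},
    "bob": {"categories": {"finance", "engineering"}, "typical_download_mb": 50.0},
}

DEVICE_RISK_DENY = 0.7          # assumed threshold: risk at or above this is a hard deny
DOWNLOAD_ANOMALY_FACTOR = 5.0   # assumed: > 5x the user's typical volume is anomalous


def evaluate(ctx):
    """Return (decision, reasons).

    decision is "allow", "step_up" (re-verify the user before continuing) or "deny".
    Posture failures are hard denies; behavioral anomalies alone trigger step-up,
    so a legitimate but unusual request is challenged rather than silently blocked.
    """
    hard, anomalies = [], []

    # 1. Managed is necessary but not sufficient: consult live risk telemetry too.
    if not ctx.device_managed:
        hard.append("unmanaged device")
    if ctx.device_risk >= DEVICE_RISK_DENY:
        hard.append(f"device risk {ctx.device_risk:.2f} >= {DEVICE_RISK_DENY}")

    # 2. Antivirus presence is checked, but it does not override the risk score above.
    if not ctx.av_installed:
        hard.append("no endpoint protection agent")

    # 3. Correct credentials only prove the session holds the credentials; require MFA.
    if not ctx.mfa_passed:
        hard.append("MFA not satisfied")

    # 4. Known user: compare the request with their behavioral baseline (UEBA)
    #    and with the kind of data being touched (DLP).
    baseline = BASELINES.get(ctx.user)
    if baseline is None:
        hard.append("no behavioral baseline for user")
    else:
        if ctx.data_category not in baseline["categories"]:
            anomalies.append(f"user does not normally access {ctx.data_category!r} data")
        limit = baseline["typical_download_mb"] * DOWNLOAD_ANOMALY_FACTOR
        if ctx.download_mb > limit:
            anomalies.append(f"download {ctx.download_mb:.0f} MB exceeds {limit:.0f} MB")

    if hard:
        return "deny", hard + anomalies
    if anomalies:
        return "step_up", anomalies
    return "allow", []


def evaluate_session(contexts):
    """Continuous evaluation: re-run the decision on every observed context of a
    session, so a device whose risk rises mid-session loses access immediately
    rather than keeping it until the next login."""
    return [evaluate(ctx)[0] for ctx in contexts]


if __name__ == "__main__":
    # Constructed sample requests for the same user and session.
    healthy = AccessContext("alice", True, True, True, 0.1, "hr", 5.0)
    now_risky = AccessContext("alice", True, True, True, 0.9, "hr", 5.0)
    for ctx in (healthy, now_risky):
        print(evaluate(ctx))
    print(evaluate_session([healthy, now_risky]))
```

The session-level function is the point of item 1: the second context is the same managed, MFA-verified user on the same device, and it is denied only because the device’s live risk score changed. Items 3 and 4 are covered by the baseline comparison, where a known user reaching for data they never touch, or pulling far more than usual, is challenged rather than waved through on the strength of valid credentials.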
Get your fundamentals right: deploy an integrated Zero Trust solution
The misconceptions above are common ones about Zero Trust, a concept that should form the basis of every organization’s security measures. Although my list is not exhaustive, it will help you evaluate vendors who claim they can solve all of your remote-first security challenges. In reality, no single vendor can solve every piece of the Zero Trust journey.
Lookout has integrated Endpoint Security with Secure Access Service Edge (SASE) technologies to make sure your sensitive data stays secure without hindering your productivity as a work-from-anywhere user.
How do we do it? Take a look at this webinar, where we break down why Zero Trust isn’t just a buzzword and how Lookout’s solution lets you deploy intelligent Zero Trust that leverages telemetry from endpoints, users, apps, networks and data.
Note — This article is written and contributed by Hank Schless, Senior Manager of Security Solutions at Lookout.