Intelligent CISO Issue 78 | Page 39

Today, ‘Zero Trust Architecture’ (ZTA), as a phrase, is a statement of intent that underpins every successful security strategy. To fulfil the promise, enterprises must think granularly about every external and internal resource and network. Knowing about every cog in its digital machine, the organisation can assess each process in context to determine whether it is what it claims to be.
Morey Haber, Chief Security Advisor, BeyondTrust
There is a secret recipe for maintaining robust network security within an organisation. Every organisation is different, and the network architecture within each one varies, based on office locations, remote workers, dependency on cloud services, data centres, operational technology, the type of data being processed and employees, contractors and even visitors that may need access.
Consequently, the network in every modern business should be designed for business efficiency but also to minimise risk and ensure modern attack vectors can be mitigated. With all of these variables, some fundamental concepts should be included in every design.
The problem lies in gaining that all-encompassing visibility. Many of the region’s businesses, and many of its government agencies, have moved their IT infrastructures into the cloud. That means their security is reliant on the digital hygiene of third parties. For the enterprise that is trying to protect itself against attack, it is endlessly frustrating to be unaware of the digital assets running in its service provider’s data centres.
The first step in fulfilling a ZTA strategy is to overcome this visibility issue, which is made all the more difficult by another trend – that of the merger between the physical and digital worlds. The Internet of Things (IoT) has spawned many interesting use cases in the GCC. And the Industrial Internet of Things (IIoT) plays a huge role in efforts to scale up capacity through programmes like the UAE’s Operation 300bn.
The operational technology (OT) assets that are common in these use cases often cannot, in fact, be found. When we cannot ascertain what is connected to what in our networks, we cannot determine the complex interdependencies that would allow us to visualise vulnerabilities and potential attack vectors. And while network segmentation can help with protection, it ends up adding another layer of obscurity when we try to compile comprehensive, accurate asset inventories.
Our strategy to overcome all this complexity should be to focus on the processes and people around security. Zero Trust requires extensive knowledge of the IT environment to work. That knowledge may not reside in a single department or role, instead being distributed among silos. Collaboration is a matter of culture, not technology. Collaboration over time can bring unity.
Network segmentation divides a network into smaller, isolated segments as far down as possible, including individual assets and hosts, to limit the spread of cyberthreats. This strategy ensures even if attackers breach one area, they can’t easily access others via lateral movement.
By separating systems, critical data and applications, organisations reduce attack surfaces and enhance control over traffic. It also improves compliance by enforcing security policies across individual segments, minimising the risk of widespread damage during a breach and paths to privilege escalation.
The Principle of Least Privilege (PoLP) is a cybersecurity best practice that limits user access to only what is necessary for their role via privileges, permissions, rights and entitlements, reducing potential risks.
By granting the least amount of access, organisations reduce the attack surface and prevent misuse of credentials with too many privileges. This approach helps mitigate insider threats, lateral movement and external attacks by ensuring that users, applications and systems operate with minimal permissions, thus safeguarding critical data and systems. It’s essential for strengthening organisational network security to limit any one user’s network access.
Enterprise password management centralises and secures access credentials, ensuring that only authorised users can manage and retrieve them. Enforcing best practices like password rotation, complexity requirements, session management and audit trails mitigates the risk of breaches stemming from weak or re-used passwords.