Tiatra, LLC
Information Technology Solutions for Washington, DC Government Agencies

The New Cybersecurity Motto: Trust is Not an Option

The discovery of the Log4j vulnerability in December 2021 is one of the more recent and prominent reminders of why cybersecurity teams need to implement a zero-trust security architecture.

Not that they should need reminders. Incidents are happening every day, and some of them — such as ransomware attacks that may impact virtually entire supply chains — make a lot of headlines. In the case of Log4j, a Java-based logging utility that’s part of the Apache Logging Services, security researchers found a zero-day security vulnerability involving arbitrary code execution.

This was no garden-variety vulnerability. Security experts described the flaw as one of the biggest and most critical discovered in recent years. It is also a glaring example of how exposed organizations can be: new software vulnerabilities are being uncovered all the time, and some of them can lead to serious security breaches and lost data.

As cybersecurity and IT leaders know all too well, the complexities of security have increased significantly in recent years. Not only are attacks becoming more sophisticated, but also cybercriminals are more organized than in the past, and in some cases well-financed by nation-states.

In addition, the attack surface has broadened considerably in recent years. More people are now working remotely, and in many cases, they are using their own devices and networks to access critical business data.

Furthermore, the use of cloud services and multi-cloud strategies continues to increase. Sometimes cloud deployments are not even on the radar of central IT and therefore not managed as other IT assets might be. Given the rise of cloud services, remote work and mobile environments, the concept of perimeter defense has been obliterated. There is no longer such a thing as a perimeter, or perimeter defense.

The necessity of zero trust 

These developments provide good reasons for organizations to shift to a zero-trust model of cybersecurity. The concept is fairly simple: trust no user or device, and always verify. A successful zero trust approach considers three things: a user’s credentials, the data the user is trying to access and the device the individual is using.

By combining the principle of least privilege with a modern approach of contextual access, multi-factor authentication (MFA) and network access, organizations can maintain a more agile security model that is well suited for a cloud-heavy and mobile-centric environment.

The result of the zero-trust approach is that organizations can reduce their attack surface and ensure that sensitive data can only be accessed by those users who need it under approved, validated context. This serves to greatly reduce risk.

Traditional zero-trust practices have typically focused on network access and identity and access management (IAM) through single sign-on (SSO). With remote work now encompassing such a large portion of end-user access, however, device posture is increasingly important as devices act as the new perimeter in a perimeter-less world.

By adding device validation to their security protocol, enterprises can defend against criminals who steal credentials or devices and use them along with MFA to gain access to networks and data.

If a network environment is monitored for noncompliance or critical vulnerabilities, then securing the device is the last line of defense against sensitive data being compromised. This is why it’s so important to adopt a converged endpoint management solution as part of the zero-trust approach.

Here are some of the key components of a zero-trust practice that organizations should consider:

  • Device compliance monitoring and enforcement. This confirms the security posture for devices and gives security teams the control to take action if something is not right. 
  • IAM. This provides authentication checks to confirm an individual’s identity and compares the user’s access against role-based rules.
  • Network access. Organizations can control access to resources and network segments based on a user’s persona and the device being used. 
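How the three components above combine into one deny-by-default access decision, as an added example that is not from the original article or any vendor product. The role names, data classifications, segment names, device ID and posture fields are all constructed assumptions.

```python
from dataclasses import dataclass

# Constructed sample policy data (assumptions, not from the article).
ROLE_RULES = {       # IAM: role -> data classifications the role may access
    "hr_analyst": {"public", "internal", "personal"},
    "contractor": {"public"},
}
SEGMENT_RULES = {    # Network access: data classification -> permitted segments
    "public": {"guest", "corp", "restricted"},
    "internal": {"corp", "restricted"},
    "personal": {"restricted"},
}
MANAGED_DEVICES = {"LT-0142"}   # device inventory (constructed ID)

@dataclass(frozen=True)
class Request:
    user_role: str
    mfa_passed: bool
    device_id: str
    device_patched: bool
    disk_encrypted: bool
    segment: str
    data_class: str

def evaluate(req):
    """Return (allowed, reasons). Nothing is trusted until every check passes."""
    reasons = []
    if not req.mfa_passed:                                    # identity
        reasons.append("mfa_not_satisfied")
    if req.data_class not in ROLE_RULES.get(req.user_role, set()):
        reasons.append("role_not_entitled")                   # least privilege
    if req.device_id not in MANAGED_DEVICES:                  # device validation
        reasons.append("unmanaged_device")
    elif not (req.device_patched and req.disk_encrypted):     # device compliance
        reasons.append("device_noncompliant")
    if req.segment not in SEGMENT_RULES.get(req.data_class, set()):
        reasons.append("segment_not_permitted")               # network access
    return (not reasons, reasons)

if __name__ == "__main__":
    # Valid role and MFA, but presented from a device that is not in inventory:
    # the stolen-credential case that device validation is meant to stop.
    stolen = Request("hr_analyst", True, "UNKNOWN-1", True, True,
                     "restricted", "personal")
    print(evaluate(stolen))
```

Returning every failed check rather than stopping at the first gives the security team the full reason list for each denied request.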

Don’t neglect security fundamentals

Along with deploying the zero-trust approach, organizations should pay heed to security fundamentals. For example, they need to patch vulnerabilities as soon as they are identified. The Log4j development showed why that is important.

Patches should be installed and updated, but not in a haphazard way. Comprehensive patch-management programs should encompass all devices used in the organization that are connected to the internet and corporate networks.

Another good practice is to reassess all endpoints where systems are vulnerable to attacks. This includes conducting an audit of all those systems and devices that have administrative access to network systems, and an evaluation of the security protections on any sensors or other internet of things (IoT) devices tied to networks.

On a longer-term basis, companies need to reassess how they gather, store and categorize the growing volumes of data they are managing. That might mean segmenting data so that more stringent security controls are placed on access to the most sensitive data — such as personal information or intellectual property.

In addition, organizations need to be vigilant about using MFA and strong passwords. Networks have been compromised because hackers guessed users’ passwords, which suggests a need for policies that require more complex passwords or the use of MFA.

Users can be unintentionally careless when it comes to cybersecurity practices, so providing good training programs and running awareness campaigns are also good ideas to educate everyone in the organization. These programs should cover examples of phishing and other attacks, as well as social engineering techniques frequently used by bad actors to gain sensitive information or network access.

By deploying a zero-trust model and taking care of the cybersecurity “basics,” organizations can put themselves in a position to defend against the latest threats, including ransomware. 

Security today requires more than simply managing identities and authenticating users. It needs to assume that anyone or anything trying to get into the network is an intruder — until proven otherwise.

Explore more zero-trust resources from Tanium to learn how to successfully implement this methodology at your organization.

Category: News
May 18, 2022