Unlocking Zero Trust: Enhancing Your Secret Handshake  

3 July 2024
img

In the world of cyber security, the concept of  Zero Trust has been buzzing for years. It’s not just about firewalls or perimeter defences, it’s a mindset shift that challenges every aspect of the internal, private and public cloud services that you rely on. 

Imagine a secret handshake – a unique, trusted interaction, trusted for collaboration and systems access. In a modern world, it’s maybe not enough, but when you evolve the handshake into a modern dynamic interaction you gain far more context. We can now derive our zero trust session from: 

– Our basic secret handshake (our passwords or cryptographic authentication)

– Constantly checking pulse, grip strength, and body language

– Assessing the environment around us for potential threats 

– Considering the context of why we’re meeting, what we’re about to discuss 

With the awareness of everything around us during our handshake, we’re ready to adjust at any moment based on all these factors. Let’s explore how your organisation can grow its awareness and evolve its Zero Trust secret handshake, ensuring security without compromising user experience.  

Adopt an Assume Breach Mentality  

Close your eyes and imagine someone watching your every move at work. Now extend that to threat actors – from amateurs to nation-state spies – reading your Teams chats, scanning through your data or code, capturing your passwords and gaining access to your systems. Their goal? Not just quick and easy data theft or ransom; it’s learning and lateral movement, undetected over time, with the outcome of being able to manipulate you, your colleagues or customers in any way they need.  

Why “Assume Breach”? 

Take a Proactive Stance: It’s important to anticipate threats rather than react to them.  

– Ensure important data is protected at rest.  

– Use Multifactor Authentication (MFA) to ensure leaked credentials aren’t a single method of access systems.  

– Have well-rehearsed patch and vulnerability controls to protect from efficient threat actors come Microsoft Patch Tuesday. 

– Be aware of the changing threat landscape and be agile in adjusting defences to meet the challenge.  

Lateral Movement: Design infrastructure, IT systems, and networks to restrict and detect unauthorised movement.  

– Have a security team well versed in the technology they’re protecting, ensure your identity systems have all the right controls to prevent excessive and unconstrained access roles 

– Use Privileged Access Management (PAM) to ensure just-in-time access for those credentials that matter the most.  

Identity-First Approach: Identities are your cornerstone for Zero Trust.  

– Prepare for the unexpected and design controls for proactive prevention and self-service remediation.  

– Take your users on the journey with you; ensure the unexpected extra MFA prompts or being prompted to change their password isn’t scary but reassuring.  

– Assume Breach is for everyone, not just the techies.  

Use Sensors for Insight: Think of sensors as your method of checking a handshake and person. Although it’s not a pulse or strength of grip, the intelligence is the threat indicators, identity data, and device health. But how are they used?  

Device Posture: Metrics like device health (posture) are more reliable than geographic location. Why? Because location varies based on IP address and ISP, while device health reflects the security state of the PC or phone being used.  

Adaptive Controls: Adjust metrics and sensors based on workload sensitivity or role. For example, accessing a highly sensitive workload might require stricter inspection or authentication and authorisation controls.  

All Identities You Trust, Zero You Don’t  

Your secret handshake involves identities. Treat every identity as something to welcome, look after, tidy up after, and wave goodbye to. Automate your joiner, mover, and leaver processes. Invest in revalidation of access and self-checks for standing access. Consider:  

Guesting and Federated Access: Gone are the days of issuing laptops with VPNs. Short-term access via these methods keeps your handshake exclusive. Worry about identity and access methods first, not as a last step for delivery.  

Designing Systems Access: Regularly check for unexpected outcomes. Test automations, identity source data, and group configurations. Always reduce potential blast radius and consider the “what if” for any new capability. Not all vendors get this right, so make Zero Trust part of your plans and discussion before even buying a service or making an investment.  

Be Aware of Context, Define Policy: End users appreciate context-aware policies; working on a trusted device with phishing resistant authentication methods should make the day job easier. User and Entity Behaviour Analytics (UEBA) can do the heavy lifting. Imagine a secret handshake that adjusts and reacts:  

User Behaviour: Modern UEBA systems analyse how people interact with devices and interfaces. Are they really who they claim to be? Why are they doing that today?  

Entity Behaviour: Is this device doing all the normal things, making the usual network connections, running the usual processes? Is it the device we know we trust?  

Balancing Security and Experience: Make policies seamless. Adaptive controls adjust for your users, rewarding the time and effort invested in doing the right thing.  

Zero Trust with Zero Fuss?  

Your secret handshake should be imperceivable to the untrained. Be sure you consider:  

Single Sign-On (SSO): Access applications seamlessly using the credentials and authorisations already obtained on the current device. Smiling at the camera in the morning could be enough for most people!  

Contextual Solutions: Complex secure access problems need context-aware solutions. Design for user experience and use the sensors available to make the right access decisions.  

Device Management: Ensure devices are healthy, patched, not compromised, and effectively managed to maintain a compliant posture. Implement self-healing mechanisms where possible, and provide clear guidance when you need user help to get their device back into a compliant state.  

Wrapping up  

At FSP, we deliver solutions that protect your identities, data and services while minimising friction for colleagues and customers. Zero Trust is here to stay, and getting it right means fewer incidents and a great yet secure experience. Get in touch if you’d like to explore Zero Trust further or learn more about our identity and cyber security solutions  

FSP can provide you with cyber services and an experienced team of experts dedicated to supporting you to deliver both tactical and strategic services. Please visit the chat function here or fill in your details below if you would like more information on how we can support you on your Cyber Security journey.