The Enabling Technologies Blog

Our team of Cloud Strategy Advisors, Solution Architects, Engineers and former C-Suite Executives work diligently to provide our vistors with the most pressing information.

Keith Singleton /

How to Fearlessly Implement Your Zero Trust Strategy

"Zero what?"

So what does Zero Trust mean? Zero Trust has been a term that has been around a long time. Remember the X Files? Agent Molder would always tell his colleagues - “Trust no one”. That pretty much sums it up. You don’t trust anyone who is trying to access the network or company resources. Period.

Zero Trust differs in many ways from our traditional view of trust. Think of it this way, we all have locks on our doors at home. We know that if we give our keys to someone they can enter our house. But, we may not know “who” is entering since the keys could really be used by anyone. Now, what if we could only allow the keys to work if the person we explicitly gave them to showed up to use them? We use his/her “identity” to verify them before allowing the keys to work.

Under a simple two factor authentication process, we would require them to have the keys and know a PIN or some other password in order to enter. We cannot validate or verify who the person really is, only that they had the keys and knew the PIN or password.

Under Under multi-factor authentication we can begin to provide intelligent and biometric levels of authentication to augment the keys. For instance, now we may ask them for a fingerprint or face-ID (like on an iPhone) in addition to a PIN or password.

This allows us to know that the “identity” of the person entering our home has been validated and we won't be disappointed later to find a stranger has eaten all of our snacks.

 

"I'm doomed."

"Hmm. This sounds more complicated." Well, you are not wrong. In a way, it is more complex. For instance, now a user must use an authenticator app, password and /or biometric data to access resources.

So how is this better? It provides an extra layer of protection and complexity to foil hackers. Unfortunately, sometimes what foils hackers can also create unintended difficulty for our users and adversely impact productivity. “They will tar and feather me!“ Not so fast….

 

We learn from our mistakes

We can agree that making access more difficult for hackers is good, but it can be detrimental for our users mental health. So how do we simplify it? The good news is that companies like Microsoft have taken the bull by the horns to help ease this burden.

Using technologies like Azure AD (Active Directory), users can begin to enjoy an easier way of signing on each day. Password-less entry removes some complexity as does single-sign on. This makes it as easy as "being you" and still accessing what you need. The use of a biometric factor means that "you" become the complex password in the equation. Super easy right?

In addition, by implementing single-sign on (SSO), the user merely needs to login once while his/her credentials follow them while using resources and applications.

 

Zero Trust Principles

t1-1

"I'm not optimistic"... GOOD!

Zero Trust doesn't leave any room for optimism. We don't trust you unless you show us who you are. We won't allow you to have access to anything above what you need, and we are assuming you don't really belong there in the first place.

With these simple principles, you will have a solid foundation for implementing a cyber-security program within your organization.

Adopting a Zero Trust mindset can be tricky and counter-intuitive. Just keep in mind that you can be the pessimist, while offering your users a meaningful way to participate and reduce their burden. There are a few additional benefits to Zero Trust as well.

 

Anytime. Anywhere.

Many organization are still using VPNs to manage connections to network resources. One side benefit of Zero Trust is that these cumbersome, archaic VPN connections are no longer needed or recommended. Think about it. You establish a VPN but do you really know who is at the other end? Then why are you trusting the connection?

With Zero Trust, you can allow the users to have the freedom to connect without restriction because you are validating their identity, not just the tunnel or device they are using.

 

Ok, Maybe Be a Little Optimistic.

  • Zero Trust can not only amplify your security posture, but it can also simplify how your end users access resources.
  • Without the need for VPNs, you can save thousands of dollars every year on VPN appliances or support hours helping users connect.
  • Take a good look at the IT spend surrounding end user VPNs in your organization. My guess is, you could easily convert those expenses into services for implementing Zero Trust. Now that sounds optimistic!

In short, there are numerous reasons to adopt a Zero Trust framework. Many involve providing greater freedom to the end users and simplifying the overall user experience for access while creating stronger security. Still unsure? Walk through the following articles to get acclimated.

To learn more about Zero Trust and password-less login, use these links:

Microsoft Zero Trust Framework

Password-less Strategy

Looking to discuss your Zero Trust strategy with an eGroup expert? Contact our team today! 

Work with our team of Cloud Computing Consultants who have done this so many times they know all of the “minefields” to prevent missteps.

ref:_00D80KtFf._5000y1WwWQD:ref