Zero trust informs all enterprise security
Every day, hackers from well-organized and well-funded entities including criminal groups and nation-states are working hard to breach your network for financial and other gains. And as cybersecurity experts have warned repeatedly, it is no longer a question of if you'll be a target but when.
Today, organizations are fending off everything from ransomware and zero-day exploits to supply chain breaches and a slew of other sophisticated attacks. How worried should you be? Very. As Aruba CTO Simon Wilson puts it, "If you've built a 10-meter wall, they're going to build a 12-meter ladder. It's an arms race—there's no question about it."
That's why many organizations are now bolstering their security arsenal with a different approach to protecting their data: zero trust. Under a zero trust model, all activity on the corporate network is viewed as untrustworthy until proven otherwise.
But along with zero trust, experts emphasize the need for other measures, including network microsegmentation to avoid lateral movement by attackers, initiatives to better train users and provide them with the right techniques and tools, and of course, a focus on good cyber hygiene and security basics.
To learn more about these best practices and why zero trust is fast becoming the default model for securing networks, check out some of our top stories.
"Cybersecurity attacks have reached epidemic proportions," says Dr. Eng Lim Goh, senior vice president and chief technology officer for artificial intelligence at Hewlett Packard Enterprise. From taking down financial networks and other critical infrastructure to forcing hospitals offline and endangering lives, cybercriminals are targeting organizations large and small across industries—and the risks are growing.
An Executive Order from the Biden administration has endorsed the philosophy of zero trust for IT security. It orders the government to identify "critical software" and take special measures to protect it.
The U.S. government's order to "advance toward zero trust architecture" is a compelling start, but how do you make zero trust a real thing? Without full trust in hardware and system software, the model isn't possible. New approaches are needed.
What do the Danish government, EasyJet, and Experion South Africa have in common? Combined, they exposed the data of tens of millions of citizens and customers over the past year. As hackers up their game, the zero trust model is increasingly seen as the best way to keep networks protected. This episode of Technology Untangled explains how it works.
When attackers access your network—and they will—they establish a toehold and move laterally to more valuable systems. The best way to limit the number of lateral movements attackers can perform is microsegmentation. With aggressive segmentation of the network, IT gains the control it needs to enable a zero trust architecture.
Wide-reaching hacks such as SolarWinds and others may have security teams thinking that they should focus on preventing supply chain breaches, zero-day vulnerabilities, and other sophisticated attacks. But companies that have good cyber hygiene and consistently stress security basics prevent more attacks and find intrusions faster.
People are usually the weakest link in the cybersecurity chain, falling prey to phishing schemes that give malicious actors an entryway into the corporate network. When users don't know how to be appropriately circumspect in computing situations, the organization leaves itself open to attack. But with the right training, tools, and techniques, users can protect themselves and the organization.
You've heard it before, but it bears repeating: COVID-19 changed everything, and the quick shift from the office to working from home introduced new types of security threats. A zero trust model, along with user education and adjustment to a hybrid IT world, is key as traditional notions of enterprise security disappear.
The list of security best practices can be long, and implementing them can be difficult. That means companies have to prioritize the most important ones. As these seven best practices highlight, high-performing teams implement innovative security techniques like zero trust and technologies like machine learning.
In their rush to digitally transform, enterprises are increasingly turning to hybrid IT models. But they often find that conventional identity and access management doesn't keep up. While there's no easy answer, many are implementing zero trust, an approach to identity and access management that establishes that no user or software action is trusted by default.
This article/content was written by the individual writer identified and does not necessarily reflect the view of Hewlett Packard Enterprise Company.