Interest in Zero Trust has exploded recently, partly due to its catchy name and seemingly broad usage throughout the cyber security industry (Zero Trust washing?). But, there is also another more compelling reason for the rise in interest in Zero Trust – we really need it. When speaking with customers, many of them tell me they are struggling to get a handle on the risks associated with hybrid work and direct-to-app connectivity. The new reality is that our attack surfaces have expanded dramatically while cyberattacks…
As hybrid work is here to stay for a vast majority of organizations, there are three secure user access scenarios that most affect an organization: remote employees; branch offices; and accommodating new, contingent, or traveling workers. Remote employees Every remote employee is essentially an internet gateway. With remote access services transitioning to identity-based controls, attackers will be opportunistic by targeting credentials. And why not? Let’s think about digital access the same way we think about physical access to a building. What’s easier for gaining access…
Introduction Years after the term was coined by Stephen Paul Marsh in 1994 and popularized by John Kindervag more than a decade ago, Zero Trust has become the “new” security solution that addresses the confluence of today’s three critical factors and the emergence of what amounts to a cyber-war on businesses and governments. Zero Trust switches the focus from outward-facing defense of a network perimeter to prevention of unauthorized exfiltration of data and other exploits. This short work looks at why it has become virtually…
On January 12, 2010 Google wrote a blog revealing to the world that it had been breached by attackers sponsored by a nation state. The attack is now known as ‘Operation Aurora’.[i] Subsequent investigations showed that many other enterprises and government organizations had also been breached by the same attackers. Among other things, these hackers were targeting source code repositories via software configuration management systems. Any entity that had already breached perimeter network security and had created a presence on an internal system could reach…