
When Not to Trust Zero-Trust

by ITECHNEWS
December 15, 2021
in Leading Stories, Opinion

Zero-trust is an increasingly popular cybersecurity model. Even the National Security Agency encourages the use of a zero-trust architecture, largely because of its data-centric approach to protecting critical assets across the network. Yet, no matter how good it sounds, it isn’t a perfect solution, as the NSA also points out.

“Systems that are designed using zero-trust principles should be better positioned to address existing threats, but transitioning to such a system requires careful planning to avoid weakening the security posture along the way.”

That said, despite the many clear advantages of using zero-trust, how trustworthy are zero-trust architectures?

The NIST Tenets of Zero-Trust

The NIST framework for zero-trust architecture includes the following tenets:

• Data and computing services are considered resources.
• All communication should be secured, no matter its network location.
• Access to resources should be on a per-session basis.
• Access to resources can be determined through identity and/or behavior attributes.
• Monitoring security posture of resources.
• Enforce authentication and authorization.
• Use data collection to continue to improve security posture.

The framework is just that—a framework to begin building zero-trust architecture.

“These tenets are useful guideposts, but simply not enough to fully guide zero-trust architecture and subsequent implementation,” said Andrew Smallwood, chief technologist with Booz Allen Hamilton, speaking at the (ISC)2 Security Congress.

How Zero-Trust is Untrustworthy

Despite the increasing popularity and increasing adoption of zero-trust architecture, Smallwood warned there are pitfalls that could result in devastating cybersecurity incidents.

“Zero-trust is not a silver bullet. You can’t just set it up and forget about it,” Smallwood said. It requires vigilance and monitoring, and it also opens up your network and data to other security issues that must be addressed, which include:

• The assumption of full visibility of assets and control of network actions. Knowing your assets has to come before zero-trust is deployed, not after, or you will miss out on valuable protections.
• Dealing with legacy systems. Almost every organization has some legacy architecture in their security stack. Legacy systems hinder zero-trust because they don’t have the capability to support modern segmentation or identity and access management (IAM). Replacement of legacy systems is complicated; not only is it expensive, but in many cases, these systems perform their functions better than newer technologies, especially within government agencies.
• Updating across technologies is budget- and time-intensive. Zero-trust requires reclassifying authorization and database updates. The security architecture also needs to mesh smoothly with any digital transformation initiatives within the organization.
• It might be the wrong security architecture for OT systems.
• Zero-trust may not protect against shadow IT and BYOD. There are too many workarounds users have discovered that will allow them to bypass zero-trust architectures.

Downgrading Cybersecurity Posture

If these issues aren’t considered while transitioning to a zero-trust architecture, it could end up hurting your overall cybersecurity posture.

One problem that Smallwood has seen is a self-inflicted DDoS attack, where the organization making the transition to zero-trust unintentionally limits access and controls.

“By not properly establishing them, the organization could limit access to resources,” Smallwood said.

Also, the use of shadow IT and the workarounds used to access it creates a larger attack surface and keeps the organization from using the full complement of its security resources.

Rebuilding Trust

There are two solutions available to resolve the problems within zero-trust, according to Smallwood: governance solutions and technology solutions, as well as hybrid solutions combining the two. Governance solutions involve long-term leadership engagement to ensure compliance, and working groups to oversee implementation and to address the needs of the different stakeholders.

Technology solutions will allow organizations to take action, such as automatically denying access unless the user is approved as authorized and using tech offerings like app-aware firewalls to make sure segmentation is done correctly.
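The deny-unless-authorized decision described above can be replayed against access already observed on the network, so that flows a new policy would cut off, and resources missing from the asset inventory, surface before enforcement rather than as an outage. The Python below is an added example, not code from the article or from Smallwood's talk; the inventory, groups, allow rules and sample records are all constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    user: str
    group: str
    device_compliant: bool
    resource: str


# Constructed asset inventory and allow rules (hypothetical names).
INVENTORY = {"payroll-db", "hr-portal", "build-server"}
ALLOW = {  # resource -> groups explicitly authorized
    "payroll-db": {"finance"},
    "hr-portal": {"finance", "hr"},
}


def decide(req):
    """Per-request decision: deny unless every check passes."""
    if req.resource not in INVENTORY:
        return False, "resource-not-in-inventory"
    if not req.device_compliant:
        return False, "device-posture"
    if req.group not in ALLOW.get(req.resource, set()):
        return False, "no-allow-rule"
    return True, "allowed"


def dry_run(observed):
    """Replay observed access and report what enforcement would block."""
    denied = []
    for req in observed:
        ok, reason = decide(req)
        if not ok:
            denied.append((req, reason))
    return denied, Counter(reason for _, reason in denied)


# Constructed sample of access records seen before enforcement.
OBSERVED = [
    Request("amy", "finance", True, "payroll-db"),
    Request("bob", "hr", True, "hr-portal"),
    Request("cat", "eng", True, "build-server"),  # inventoried, no rule yet
    Request("dan", "eng", True, "legacy-hmi"),    # never inventoried
    Request("eve", "finance", False, "payroll-db"),  # non-compliant device
]

if __name__ == "__main__":
    denied, summary = dry_run(OBSERVED)
    for req, reason in denied:
        print(f"would deny {req.user} -> {req.resource}: {reason}")
    print(dict(summary))
```

Each denial reason points to a different follow-up: a missing allow rule is a policy gap to close before cut-over, an uninventoried resource is a visibility gap, and a posture failure is the policy working as intended.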

Hybrid solutions offer a holistic view of the zero-trust architecture and strategy. Zero-trust architecture can be extremely effective when the NIST framework is used as a foundation and the architecture is built with potential security problems in mind. If not, it can actually weaken an organization’s security posture.
