Core Blog

Understanding data protection in a zero trust world

Written by Core Newsroom | Jul 7, 2020 9:30:00 AM

As much of the workforce continues to work from home or remotely, Core has renewed our focus on security with a series of security-themed webinars designed to empower organisations to stay secure in the changing working landscape.

In our latest webinar, led by our Client Solutions Director, Eamon McGann, we explored how to understand data protection in a zero trust world. At its core is the question: how do we understand the data that we have, and once we've understood it, how do we manage and protect that data?

What is zero trust?

At its simplest, zero trust is a security architecture model based on a "trust no one" approach. Nobody, whether inside or outside the network, should be trusted to access resources until they are fully verified.

The events of 2020 mean that the traditional security perimeter has shifted. There are now lots more moving parts compared to before the Covid-19 pandemic, when the security perimeter was more defined and static. As the "front door" of an organisation, it is as important as ever that the perimeter is secure; but we need to know that it has moved in the wake of home working. We now have home and office security perimeters to consider. The zero trust approach covers all of these component parts.

Devices, people, apps and data

The next point to consider is devices. How do we secure and manage devices and check what is happening at the endpoint? What is its status? Does it match corporate policies before we allow it on the network? These are key considerations for both on-premise and cloud resources.

People are also an important point to think about in the zero trust world. An organisation's people are its biggest asset, but also its biggest risk. People use passwords, and passwords leave organisations particularly vulnerable to security hacks and breaches. Studies have shown that 64% of users write down passwords, and 56% of people use the same password on all internal systems. Some even use their work passwords on social media networks and public websites. So, this is a huge risk for hacking. Security measures like Single Sign On and Multifactor Authentication can help mitigate these risks.

In a zero trust world, applications need to be managed effectively, especially when users are working on their own device. Conditional Access can be used to manage some of the content, and criteria can be set to only let users manage corporate content from an app and location that is approved.

Trust in the IT ecosystem

There are multiple levels of trust throughout the IT ecosystem, and the gold in the middle is an organisation's data. This is what hackers want to get to - and they will try all kinds of attacks to reach that data. As long as a policy and procedures are in place to manage and protect that data, the data will still be protected even if the elements described above are breached.