Insiders are employees and others who are granted access to the system to perform certain tasks. The definition of insiders can be extended to non-employees, such as consultants, customers, suppliers and third parties, who also have a defined identity in the organization and access to various systems.
What is an insider threat?
Internal personnel have access to systems in order to perform tasks related to their job responsibilities. The combination of all the information and access they possess can ultimately pose an internal threat to the organization. Whether the actions of insiders are intentional and malicious or the result of mistakes, accidents, or omissions, they can cause damage to the organization; attackers can also compromise insiders' access credentials through various means. Insider threats include identity theft and fraud, intellectual property theft, and reduced data integrity and system availability.
One way organizations can mitigate insider threats is through a “zero trust” model, which emphasizes not blindly trusting anyone who tries to access a system or initiate a transaction, even those individuals who have been granted access.
A brief history of zero trust
The concept of a zero-trust strategy was first proposed by an expert at Forrester Research in 2010. It took a while for the concept to catch on; Google was one of the first companies to announce a zero-trust policy, and after Google adopted it, the concept gained popularity as an accepted IT security model and was adopted by many organizations.
How does zero trust work?
Zero-trust architecture is a threat management model that does not assume that people and systems running on a network are entitled to all permissions without repeated validation.
Traditional IT infrastructure makes it difficult for anyone outside the organization to access private resources, but it ignores the security risks posed by insiders. In fact, there are countless cases of employees intentionally or inadvertently causing confidential data leaks that cost millions of dollars.
Everyone needs validation
A zero-trust policy requires verification of everyone, whether internal or external. By default, the zero-trust model does not trust anyone, whether inside or outside the network. Many cybersecurity experts believe this simple extra layer of security can prevent data breaches.
The consequences of a data breach
A single data breach can cost a company more than $3 million, according to a study by IBM. In a data breach, the loss of individual customers' data can have many consequences, including damage to the company's reputation. Many affected customers will choose to do business elsewhere, meaning less revenue. The statistics and consequences of insider threats presented by industry experts and research reports are sobering, and many organizations are choosing a zero-trust strategy to deal with insider threats.
How should an organization adopt a zero-trust policy?
It is recommended to adopt and slowly implement a zero-trust strategy to minimize risk. First, you should analyze the risks facing your organization. Define the scope and create a zero trust implementation plan with your resources, priorities, and schedule in mind. You can decide to use internal resources or hire experts to help you implement.
Next, you need to implement authentication protocols to protect your systems and sensitive assets by controlling identity and its access. You should use multi-factor authentication and layered access authorization models to secure all assets so that no one has unrestricted access to data once inside the system. This can protect your organization from being completely wiped out by an unscrupulous employee.
Basically, you deploy and enforce the authentication process before allowing anyone to enter the network or make a transaction. This protects you from costly data disclosures that could bring down your company. One of the main dangers of insider threats is that attackers can take over privileged accounts to carry out their plans, which is why it is absolutely necessary to manage privileged accounts carefully.
Monitoring based on zero trust model
Once the scope for implementing the zero-trust framework, the selected techniques, and the implementation process are determined, a monitoring process needs to be established to look for malicious activity on the network. Once suspicious activity is detected, it must be flagged and addressed. Monitoring internal privileged access, which can also be compromised by outsiders, pays off if this process is followed diligently.
Finally, you will implement an access control model based on granular attributes: attribute-based access control (ABAC). ABAC is considered the next generation of access management, evolved from the role-based access control (RBAC) model. ABAC is based on establishing a set of attributes, such as:
- Subject or user characteristics, such as department, position, and IP address,
- Objects or systems and data characteristics, such as sensitivity levels,
- Environmental characteristics, such as time and place.
The main idea is to define what combination of features or attributes will be used to control access from a central policy perspective. The properties of each system may be different.
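To make the "central policy over a combination of attributes" idea concrete, here is a small deny-by-default ABAC evaluator. It is an added illustration, not code from the article or from any product it mentions; the attribute names, the corporate address range, the business-hours window and the sample requests are all constructed for the example.

```python
from datetime import time
from ipaddress import ip_address, ip_network

# Constructed for this example: illustrative attribute schema, not a real one.
CORPORATE_NET = ip_network("10.0.0.0/8")
BUSINESS_HOURS = (time(8, 0), time(18, 0))

# Each rule inspects the subject, object and environment attribute sets and
# returns True when the request is acceptable under that rule.
def rule_owner_department(subject, obj, env):
    # Confidential objects (sensitivity 3) are restricted to the owning department.
    return obj["sensitivity"] < 3 or subject["department"] == obj["owner_department"]

def rule_corporate_network(subject, obj, env):
    # Anything above public (sensitivity 1) must be reached from the corporate network.
    return obj["sensitivity"] < 2 or ip_address(subject["ip"]) in CORPORATE_NET

def rule_business_hours(subject, obj, env):
    # Confidential objects may only be opened during business hours.
    start, end = BUSINESS_HOURS
    return obj["sensitivity"] < 3 or start <= env["time"] < end

def rule_contractor_limit(subject, obj, env):
    # Contractors never get beyond public data, whatever the other attributes say.
    return subject["position"] != "contractor" or obj["sensitivity"] < 2

# The central policy: every rule must hold for access to be granted.
POLICY = [rule_owner_department, rule_corporate_network,
          rule_business_hours, rule_contractor_limit]

def evaluate(subject, obj, env, policy=POLICY):
    """Deny by default: access is granted only if every rule in the policy holds.
    Returns (allowed, names_of_failed_rules) so the reasons can be logged."""
    failed = [rule.__name__ for rule in policy if not rule(subject, obj, env)]
    return (not failed, failed)

if __name__ == "__main__":
    # Constructed sample requests: same user and object, different environment.
    analyst = {"department": "finance", "position": "analyst", "ip": "10.1.2.3"}
    payroll = {"sensitivity": 3, "owner_department": "finance"}
    print(evaluate(analyst, payroll, {"time": time(10, 30)}))  # (True, [])
    print(evaluate(analyst, payroll, {"time": time(23, 0)}))   # (False, ['rule_business_hours'])
```

Because the decision is recomputed on every request, the same subject can be allowed at 10:30 and denied at 23:00, which is the continuous re-validation the zero-trust model calls for; the failed-rule list is what the monitoring process later on would flag.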
In general, the key to developing an effective zero-trust strategy is to scrutinize all activities to identify and block as many unauthorized activities as possible, especially high-risk transactions initiated by privileged account holders.
Continuous validation across devices
The zero trust framework uses five key areas in practice, which are:
- User trust
- Device trust
- Transport/session trust
- Data trust
- Application trust
For a zero trust program to be effective, implement validation in five key areas through a step-by-step process that includes scopes, techniques, and processes to improve security. As you continue to assess the risks, the project can grow from a small start. To be successful, you will want to implement it in such a way that it provides maximum security with minimal impact on operations. You can reduce the risk of data leakage and unauthorized access or transactions by handling and managing internal security threats.
Ten steps to a Zero Trust program
Follow these steps to create and implement a zero-trust security program:
- Complete risk assessment
- Define your scope – systems, data, people, equipment
- Develop a business plan and promote it to the organization
- Determine your budget and resources
- Develop a zero-trust implementation plan
- Define trust criteria and boundaries
- Deploy multi-step and multi-factor authentication technologies
- Be aware of privileged accounts on critical applications, databases, and devices
- Implement appropriate access control models, such as attribute based access control models
- Monitor access and activity across systems based on your trust criteria
Conclusion
The zero-trust model scrutinizes every individual or device that requests access to systems and resources, whether the requester is internal or external. Ultimately, the goal behind zero trust is to address the weakest link in security: trusted entities and people (and devices) with access. While insiders provide valuable services, their established access can pose significant security risks to your organization and must be constantly verified, validated, and approved to protect your company and its most valuable assets from potential insider threats.
Article source: www.identitymanagementinstitute.org/managing-in…
About us
“Longgui Technology” is an enterprise-level information service provider focused on low-code enablement. Its core founding team comes from Green Alliance Security, Red Hat (open-source operating systems), a well-known game company (Playing Crab Technology), well-known open source communities and other experts who founded the company together.
“Longgui Technology” is committed to enabling every enterprise in China to have its own automated office operating system, helping enterprises and governments embrace a Cloud Native First strategy and build a modern IT infrastructure centered on “identity and application”, so as to realize “digital transformation” and the “industrialization of software production”.
Main products: ArkOS (ARK operating system), an enterprise-level office automation operating system combined with a self-developed low-code application development platform, aimed at building an industrial ecosystem and an integrated full-stack cloud native platform for all kinds of enterprises and organizations. Built-in applications include ArkID unified identity authentication, ArkIDE, ArkPlatform, the App Store and other products. To date, the company has obtained 15 software copyrights and 2 invention patents, and in November 2020 received Beijing Haidian District Zhongguancun national high-tech enterprise certification.
Related links:
Website: www.longguikeji.com/
Documents: docs.arkid.longguikeji.com/
Open source code warehouse address:
github.com/longguikeji
gitee.com/longguikeji