What It Takes to Build a Modern Zero Trust Architecture
3 Key Factors to Leverage as Zero Trust Evolves
Zero Trust deployment - the acts of moving apps and data to the cloud and assuming no user or device is trustworthy until proven otherwise - came into vogue in response to COVID-19. While most of us are tired of talking about the pandemic, it still must be recognized as a watershed event.
Most organizations moved rapidly to extend remote access to enterprise apps to all their employees. And since many had already embraced the cloud and had a remote access strategy - typically a virtual private network, or VPN - they simply extended what they had to all users. But you introduce new risks when you rely on these types of access technologies.
Zero Trust Has Evolved
Extending VPNs was the default response. But bolting two-factor authentication and network access control, or NAC, onto VPN is the opposite of least-privilege access and is simply not enough - because a lot has changed since Zero Trust first appeared in 2014.
Apps and data in the cloud do not adhere to corporate domain-oriented or file-based access controls. Data is structured differently or not at all. And endpoints are no longer limited to corporate-issued and managed devices. The attacks have evolved, as have communication and collaboration tools. So our concept of Zero Trust must also evolve.
3 Critical Pieces for Solving the Zero Trust Puzzle
Making smart Zero Trust access decisions without hindering productivity requires deep visibility into endpoints, data and apps, all of which hinges on the ability to leverage three key factors:
1. Device Telemetry: You need to continuously track changing risk levels of user devices. These endpoints are the leading targets for advanced persistent threat, or APT, reconnaissance and mobile phishing for credential theft. Mobile devices are rarely connected to enterprise perimeter security as they are usually on cellular or public or home Wi-Fi. They also frequently have operating system and app vulnerabilities that open the door to exploitation and data leakage.
2. User and Entity Behavioral Analytics: It’s critical to understand typical user behavior for anomaly-based detection. To do so, you need all activities related to apps and data access to occur within your cloud security solution. With in-depth knowledge about users and their usual activities, you can detect anomalous behavior that may indicate theft of user credentials or an insider threat, and control access accordingly.
3. Data Sensitivity: Continuous assessment of users and endpoints is essential. But the flip side is knowing the sensitivity of the data being accessed. To make seamless Zero Trust access decisions, you should enforce policy based on the sensitivity of the data your endpoints and users are seeking to access. This way, you safeguard valuable data without hindering productivity.
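How the three factors above can combine into a single access decision, as an added example (not Lookout's product logic or code from the original article). The sensitivity labels, risk scores, the 3-sigma threshold and the action names are all assumptions made for illustration.

```python
from dataclasses import dataclass
from statistics import mean, pstdev

# Labels, thresholds and action names are assumptions for this example.
SENSITIVITY = {"public": 0, "internal": 1, "confidential": 2, "restricted": 3}

@dataclass
class Device:
    compromised: bool   # malware or rooted/jailbroken state reported
    os_patched: bool
    risky_apps: int

@dataclass
class Request:
    country: str
    download_mb: float
    label: str          # sensitivity of the data being requested

def device_risk(d):
    """Score current telemetry: 0 = healthy, 3 = compromised."""
    if d.compromised:
        return 3
    return (0 if d.os_patched else 1) + (1 if d.risky_apps else 0)

def behavior_anomalous(req, history):
    """True for a download far above baseline or a never-seen country."""
    if len(history) < 5:
        return True     # no baseline yet: unknown is not the same as normal
    sizes = [h.download_mb for h in history]
    sigma = pstdev(sizes) or 1.0    # avoid dividing by zero on flat baselines
    unusual_size = (req.download_mb - mean(sizes)) / sigma > 3
    return unusual_size or req.country not in {h.country for h in history}

def decide(device, req, history):
    """Re-run on every request so a change in any signal changes the outcome."""
    risk, sens = device_risk(device), SENSITIVITY[req.label]
    if risk == 3:
        return "deny"               # compromised device: no access at all
    if sens == 0:
        return "allow"
    if behavior_anomalous(req, history):
        return "step_up_auth"       # possible credential theft: re-verify user
    if risk >= 1 and sens >= 2:
        return "allow_redacted"     # weaker device: mask sensitive content
    return "allow"

# Constructed baseline: eight earlier requests of about 10 MB from one country.
HISTORY = [Request("US", mb, "internal") for mb in (8, 9, 10, 11, 12, 9, 10, 11)]
```

The same user and the same file can yield different outcomes from one request to the next, which is the practical difference from a one-time VPN login check.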
The Lookout Zero Trust Solution
Lookout has integrated its security and access platforms to provide a modern approach to Zero Trust. The Lookout Security Platform incorporates the three key data points for Zero Trust, providing insights into endpoints, users, networks, apps and data. This unprecedented visibility enables organizations to effectively detect threats and anomalies, support compliance requirements and stop breaches.
Lookout enforces policies that can account for typical endpoint indicators such as malicious apps, compromised devices, phishing attacks, app and device vulnerabilities, and even risky apps. The access platform recognizes indicators of anomalous user behavior, such as large downloads and unusual access patterns and locations. With integrated data loss prevention, or DLP, the Lookout platform can also assign sensitivity to what a user might be attempting to access.
Leveraging device telemetry and advanced analytics, Lookout enables organizations to restrict access to sensitive data, request step-up authentication or take specific action on content, such as masking or redacting certain keywords, applying encryption and adding watermarks. In the event of a breach, you’re able to shut down access altogether.
To learn more about our endpoint-to-cloud solution, visit Lookout Secure Access Service Edge Solution.
To see Lookout CCA in action, watch our video.