With just about everything delivered from the cloud these days, employees can now collaborate and access what they need from anywhere and on any device. While this newfound flexibility has changed the way we think about productivity, it has also created new cybersecurity challenges for organizations.
Historically, enterprise data was stored inside data centers and guarded by perimeter-based security tools. But with users using endpoints and networks your IT teams don't manage, this approach has become antiquated.
To combat this new reality, organizations have turned to tactics such as relying on device management and antivirus software, as well as single sign-on and multi-factor authentication. Some vendors have even begun to claim these measures as a form of Zero Trust, a popular idea where organizations should not trust any entity and provide access to its applications and data until its risk levels are verified.
In this blog, I will break down what is and what isn't Zero Trust.
Four key "just becauses" of Zero Trust
While most of us understand Zero Trust conceptually, the path to Zero Trust is a complex and constantly evolving journey. As I discussed in a previous Zero Trust blog, there is no silver bullet to achieve Zero Trust, but there are ways for us to visualize and apply it to day-to-day IT and security operations.
To figure this out, I recently invited Andrew Olpins, a solutions engineer at Lookout, onto our latest Endpoint Enigma podcast episode. We cut through all the marketing noise and discussed whether there's a pragmatic way to get started with Zero Trust. Here are a few takeaways from our conversation:
1 — Just because a device is managed doesn't mean it can be trusted
Often organizations default to managing devices to secure their endpoints. The idea is that if you have control over your employees' endpoints, they are secure. But it's not enough. While device management tools can push updates to operating systems and apps, they don't grant any real-time visibility into the risk levels of the endpoint. Zero Trust only works when you have a continuous understanding of an endpoint so you can make decisions about its access.
2 — Just because a device has antivirus doesn't mean it's free of threats
Malware is just one of the many ways a threat actor can compromise your organization. In fact, to skirt detection, attacks often use more sophisticated tactics like creating backdoors into infrastructure via internet-facing remote access systems such as remote desktop protocol (RDP) or virtual private network (VPN). They can also leverage vulnerabilities in operating systems or applications to gain additional access to an endpoint.
3 — Just because someone has the correct ID and password doesn't mean they're the user in question
Another way for an attacker to compromise an endpoint or an account is by using social engineering tactics. There are now countless channels to deliver phishing attacks to an endpoint, such as SMS and third party messaging, email, social media platforms, even dating and gaming apps. With users having easy access to various enterprise apps such as Microsoft Office 365, Slack and SAP SuccessFactors, any of these accounts can be compromised.
This is where you need an integrated solution that can detect the context around a user's behavior. With integrated data loss prevention (DLP) and user and entity behavior analytics (UEBA), security teams can understand the types of data a user seeks to access and whether it aligns with what they need access to and whether it's normal behavior. Without these, you can't tell whether a user is who they say they are and enforce Zero Trust.
4 — Just because we know them doesn't mean they aren't a risk to your organization
Even when you have figured out that a device or endpoint is legitimate, doesn't mean they aren't a threat to your organization. Threats can come from internal users, whether intentional or unintentional. I recently wrote about Pfizer intellectual property being stolen by an employee that went rogue. In addition to malicious insider threats, any of us could easily share content to unauthorized users accidentally.
Like what Sundaram Lakshmanan, Lookout CTO of SASE Products, wrote in his 2022 Predictions blog, cloud interconnectivity has amplified user errors and compromised accounts threats, because data can now move at lightning speed. This is why DLP and UEBA are essential to a solution, just as it can figure out whether an account is compromised, it can also stop insider threats and data leakage by legitimate employees.
Get your fundamentals right: deploy an integrated Zero Trust solution
The above "just becauses" are some of the most common misconceptions about Zero Trust, a concept that should be at the core of every organization's security posture. By no means is my list comprehensive, but it should get you in the right mindset when it comes to vetting vendors that claim to offer a single tool that can solve challenges related to a remote-first environment. In reality, no one can solve every piece of the Zero Trust journey.
Here at Lookout we have integrated endpoint security with Secure Access Service Edge (SASE) technologies to ensure that your sensitive data stays secure without hindering the productivity of your work-from-anywhere users.
How do we do it? Take a look at this webinar where we break down why Zero Trust isn't just a buzzword, and how Lookout's solution ensures that you can deploy intelligent Zero Trust that leverages telemetry from endpoints, users, apps, networks and data.
Note — This article is written and contributed by Hank Schless, Senior Manager of Security Solutions at Lookout.