Taking the next step with Zero Trust

Organisations in Singapore recognise the benefits of adopting the Zero Trust model. But, a recent Entrust survey reveals that while more than half of IT practitioners in Singapore have strong leadership support for Zero Trust, nearly 30% of organisations have yet to begin implementing this security approach. Another half are still at various stages of implementation.

So how can more organisations move their Zero Trust strategies from concept to everyday practice?

Applying Zero Trust principles to the cloud

There are several technologies and techniques that help you navigate the Zero Trust journey:

See also: 80% of AI projects are projected to fail. Here's how it doesn't have to be this way

1. Certificate lifecycle management (CLM)

Certificate lifecycle management is essential to implementing Zero Trust at scale. Digital certificates are issued to people and devices so that organisations can verify their identities and authorise requests, whether it be to access the network or a specific corporate resource. Digital certificates are also used for strong encryption and access control. With so many certificates in use for so many purposes, CLM allows you to ensure no certificates go unmanaged, and enables you to enforce the principle of least privileged access.

There are three important steps in the certificate lifecycle:

See also: Responsible AI starts with transparency

• Issuance, renewal, and revocation: Certificates can’t be forgotten about, or else you risk opening up a backdoor into your cloud environment. So, security teams must seamlessly manage their lifecycle from start to finish, renewing any that have been authenticated and revoking all that have not.

2. Key and Secrets Lifecycle Management

Keys and secrets underpin the security of cryptographic processes. Managing their complete lifecycle is critical for comprehensive security.

• Key Lifecycle Management: Generate, deliver, and distribute cryptographic keys to a range of supported applications through multiple standard interfaces, including KMIP. Provide access control to keys and enable automated capabilities including key rotation, key expiration, and key revocation.
• Secure Root of Trust: As a foundational element of Zero Trust’s data protection pillar, this enables FIPS-certified cryptographic key generation and lifecycle management with dual controls and separation of duties.
• Decentralised Vault-Based Architecture: Distributed key storage ensures that keys and data are kept within the geographical areas where they are supposed to be maintained to facilitate compliance with geo-fencing and data sovereign regulations.
• Centralised Compliance Management Dashboard: This process enables the documentation of keys and secrets based on templates for continuous compliance assessment using built-in or custom policies.

3. Identity and access management (IAM)

• User identity is the heart of post-perimeter cybersecurity. A robust, feature-rich IAM portfolio is key to securing identities and keeping your most valuable assets protected from compromised credentials, phishing attacks, and other threat vectors. Essential capabilities include:
• Strong authentication: Checking all requests against all possible data points ensures the user identity is verified without any risk signals falling through the cracks. An effective Zero Trust architecture will leverage both risk-based and adaptive authentication methods to provide high assurance and phishing-resistant verification.
• Phishing-resistant multi-factor authentication (MFA): MFA leverages numerous authenticators — tokens, facial recognition, mobile push notifications, and more — to ensure users are who they claim to be. However, not all MFA is the same, as some are vulnerable to bypass attacks. For high-assurance identities, organisations should use certificate-based passwordless authentication for both users and devices.
• Passwordless security: Traditional usernames and passwords are prone to repetition and are much easier to crack when tied to personal information. Zero Trust advocates for passwordless security, which uses cryptographic keys to enable temporary access without burdening users or your IT department.
• Single-sign-on (SSO): SSO is an access management function that allows a user to login with a single set of credentials for multiple resources. With the right combination of cloud security tools, organisations can build a strong authentication foundation beneath this process, ensuring SSO can’t be taken advantage of for nefarious purposes.

Best practices for implementing Zero Trust

To stay ahead of the latest tech trends, click here for DigitalEdge Section

Now that you know why creating a Zero Trust cloud is important and the tools it takes to get there, let’s talk about the actual implementation process.

Do note though – Zero Trust isn’t happening overnight. The journey could turn out to be a multi-year endeavour, so it’s best to take a phased approach. You can implement the foundations early, but as an ongoing process, reaching Zero Trust maturity will require continuous effort.

Here is one approach to how you can start your journey to Zero Trust maturity:

• Application and asset discovery: Before you can adequately secure your environments — in the cloud or otherwise — you need to identify everything within its reach. This step involves taking inventory of your most sensitive data, where it resides, and where it goes. Then, inventory your cryptographic assets, including all hardware, software, and credentials.
• Map transaction flows: Understanding the relationship between cloud applications, systems, servers, networks, devices, users, and third-party cloud providers is important. This step helps you chart how data moves between these elements, how they interact with each other, and determine areas that need the most attention.
• Architect boundaries: Once you’ve figured out where your most crucial assets are, you can isolate them with additional controls to prevent lateral movement.
• Establish access control policies: Define context-based rules for how assets can be used, shared, manipulated, etc. A solid access management plan will explicitly outline permissions based on the principle of least privilege.
• Monitoring and maintenance: You can’t set and forget cloud security. Even after you’ve built a robust Zero Trust framework, your security team must regularly monitor user activity for anomalous behaviour. More importantly, it should search high and low for vulnerabilities before hackers have a chance to exploit them.

Work with a partner to secure your cloud environments

As cloud environments grow larger and more complicated, traditional network security tools are falling short of the mark. Today’s organisations need more robust, advanced, and automated solutions that establishes the foundation for a future-proof Zero Trust architecture. Partnering with a trusted expert who can guide your Zero Trust implementation both now, and in the future, will better equip you to navigate emerging challenges and cyber threats.

 Parag Patel is the global vice president of Entrust