Between efforts like the White House’s Cybersecurity Executive Order and others from industry leaders like Microsoft and AWS, zero trust is quickly becoming the de facto approach to securing modern enterprises. My recent experience at the RSA Conference, where discussions of zero trust between leading vendors and security practitioners were front and center, further underscores this change.
At the same time, most large enterprises are increasingly dealing with a remotely distributed workforce, all working from endpoint devices. This generally includes traditional PCs, laptops, and, increasingly, mobile devices. This trend means enterprises need a strategy to effectively implement zero trust for these distributed employees and their associated endpoints, all of which will be used to access corporate data and systems.
In this analysis, we will take a look at zero trust from the perspective of the organizational endpoint and users.
Key Considerations for Endpoint Zero Trust
When striving for zero trust maturity, it is crucial to take into account several key considerations for endpoints. These considerations encompass device identity verification, access control, endpoint detection and response (EDR), and monitoring and analytics.
Endpoint Verification and Governance
Organizations need both a strategy and the technical capability to verify the identity of the devices and endpoints connecting to their environments, systems, and data. As leaders such as Microsoft point out, in a zero-trust model not all endpoints are managed or even owned by the organization. This means there will be a diverse set of endpoint configurations and software inventories, all of which must be verified and governed. Failing to govern and verify the security posture of endpoints will significantly hinder zero-trust implementation.
Organizations must implement techniques such as unified endpoint management to govern devices, their access, and their use, and to enforce effective access control. This diverse reality of endpoint posture and configuration also means a diverse set of access controls, with dynamic access management tied to each device's identity, posture, and behavior. Using signals such as device posture, patch status, managed versus BYOD (Bring Your Own Device) status, geolocation, and more lets organizations make context-rich, dynamic access control decisions.
Endpoint Detection and Response (EDR)
Another key consideration, particularly for managed/governed devices, is implementing technologies such as endpoint detection and response (EDR). This enables organizations to detect and respond to security incidents on the endpoints and provide visibility and reporting to centralized entities such as security operations center (SOC) teams. Being able to automate the response to an emerging security incident can mean the difference between a benign security incident and a material event that has broader organizational implications.
Monitoring and Analytics
Lastly, there is monitoring and analytics. These are critical for detecting and responding to incidents and for identifying anomalous behavior that may be malicious and a sign of more nefarious activity underway in an organization's systems and environments.
Tooling such as EDR and UEM (unified endpoint management) gives organizations this visibility, feeds these signals to centralized aggregation points, and supports actionable decisions. Sources such as CISA's Zero Trust Maturity Model 2.0 cite visibility and analytics as a key capability associated with devices. The model describes the most mature organizations as able to automate status collection for all network-connected devices and correlate that information with other data such as identities and patterns of behavior. They can dynamically provision or de-provision access using these analytics and insights to mitigate malicious behavior.
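To make the context-rich access decisions described under endpoint governance, and the continuous re-evaluation that lets access be de-provisioned when posture changes, concrete, the following Python policy engine is an added example written for this article, not code from any vendor's product or from CISA's model; the signal names, risk weights, thresholds, and sample devices are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class DeviceSignals:
    device_id: str
    identity_verified: bool   # device certificate / attestation checked by UEM
    managed: bool             # UEM-enrolled (False = BYOD)
    os_patch_age_days: int    # days since the last OS patch was applied
    edr_healthy: bool         # EDR agent running and reporting to the SOC
    country: str              # ISO country code from geolocation
    last_seen: datetime       # time of the last successful posture check-in
# Constructed example policy: allowed geolocations, posture freshness, and
# risk-score thresholds per resource sensitivity tier (step_up = require MFA/re-auth).
ALLOWED_COUNTRIES = {"US", "CA"}
STALE_AFTER = timedelta(hours=24)
STEP_UP_AT = {"high": 1, "medium": 3, "low": 5}
DENY_AT = {"high": 3, "medium": 5, "low": 7}

def decide_access(sig: DeviceSignals, sensitivity: str, now: datetime) -> tuple[str, list[str]]:
    """Return (decision, reasons) where decision is 'allow', 'step_up' or 'deny'."""
    # Unverifiable identity or stale posture data is a hard deny regardless of score.
    if not sig.identity_verified:
        return "deny", ["device identity not verified"]
    if now - sig.last_seen > STALE_AFTER:
        return "deny", ["posture check-in older than 24h"]
    checks = [  # (condition that adds risk, weight, reason)
        (not sig.managed, 2, "unmanaged (BYOD) device"),
        (sig.os_patch_age_days > 30, 2, f"OS patches {sig.os_patch_age_days} days old"),
        (not sig.edr_healthy, 3, "EDR agent not reporting"),
        (sig.country not in ALLOWED_COUNTRIES, 2, f"geolocation {sig.country} not allowed"),
    ]
    reasons = [reason for failed, _, reason in checks if failed]
    risk = sum(weight for failed, weight, _ in checks if failed)
    if risk >= DENY_AT[sensitivity]:
        return "deny", reasons
    if risk >= STEP_UP_AT[sensitivity]:
        return "step_up", reasons
    return "allow", reasons

def sessions_to_revoke(sessions: dict[str, tuple[DeviceSignals, str]], now: datetime) -> list[str]:
    # Continuous evaluation: re-run the policy on live sessions and return the
    # device ids whose access should be de-provisioned because posture changed.
    return [dev for dev, (sig, tier) in sessions.items() if decide_access(sig, tier, now)[0] == "deny"]

NOW = datetime(2024, 1, 1, 12, 0)  # constructed fixed "now" so the sample devices run offline
HEALTHY = DeviceSignals("lap-001", True, True, 5, True, "US", NOW - timedelta(hours=1))
BYOD_OLD_PATCH = DeviceSignals("byod-007", True, False, 45, True, "US", NOW - timedelta(hours=2))
NO_EDR_ABROAD = DeviceSignals("lap-042", True, True, 3, False, "BR", NOW - timedelta(minutes=10))
```

The same unmanaged, unpatched device is denied a high-sensitivity resource, stepped up to MFA for a medium one, and allowed a low one, which is the tiered, signal-driven behavior the text describes.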
Despite the dissolution of the legacy perimeter-based model of cybersecurity, zero trust still requires organizations to have robust capabilities and a strategy to secure the endpoints accessing their organizational data and systems. Failing to do so can introduce significant risk to the organization and the data it relies on.