Making the Case for ZTDA Has Never Been More Obvious
ZTDA or Zero Trust Data Access technology is needed now more than ever to secure remote access and sharing of confidential files.
Estimated reading time: 3.5 minutes
Why Security Strategies are Shifting
It may have been a mere coincidence or a result, but the recent cyber attack of Microsoft Exchange servers and last year’s lethal SolarWinds intrusion has resulted in potentially creating a major shift in the U.S. federal government’s security strategy.
The Push Toward a Zero Trust Paradigm
According to an article in FCW, during a hearing with U.S. senators on March 18, federal chief information security officer Chris DeRusha said that the White House “will push federal agencies to start moving toward a new Zero Trust paradigm.
“In this new model, real-time authentication tests users, blocks suspicious activity, and prevents adversaries from the kind of privilege escalation that was demonstrated in the SolarWinds incident.”
Dr. Chase Cunningham, a leading cybersecurity expert, and originator of Forrester’s ZTX Zero Trust Extended Framework described his comments as “significant”.
“Many of the tools we need to implement this model already exist within industry and agency environments, but successful implementation will require a shift in mindset and focus at all levels within federal agencies,” he stated following DeRusha’s appearance in the U.S. Senate.
“He is absolutely right. This is about using the tools and technologies that can help us align our overall approach to the problem and not about more technology. Strategy, then technology followed by more strategy will win the good fight.”
Ever-Expanding Capacity of Adversaries
In February, DeRusha, who at the time was CISO for the state of Michigan, told a U.S. Senate committee on homeland security and governmental affairs that “attacks on government organizations at all levels continue to increase and demonstrate the ever-expanding capacity of our adversaries.
“State of Michigan firewalls repel over 90 million potentially malicious probes and actions every day, and we are not unique. To defend our networks and the data entrusted to us by our residents, state and local cybersecurity leaders are taking proactive steps to improve protections.”
Now, no security expert of any credence is suggesting a Zero Trust initiative could have completely prevented the SolarWinds attack or the recent Molson-Coors hack, but what they are saying is that moving forward, it can certainly assist organizations of all size and scope, be they public or private, in minimizing risk.
This is especially true when it comes to the protection of data.
Zero Trust (ZT) Protection of Data
The concept of a Zero Trust (ZT) cybersecurity architecture has been around for more than a decade. However, adoption didn’t really begin to take hold until the past couple of years. As with many technological innovations, it hasn’t always been clear just what Zero Trust is all about, and more importantly how to implement Zero Trust easily and cost-effectively.
The principles of Zero Trust are simple. Never trust, always verify. In practice, that means each user must be verified before access is granted to any resource. Every request from every user, inside or outside of your perimeter security must be authenticated, authorized and encrypted, in real-time.
ZTDA – A Zero Trust Data Access Solution
FileFlex Enterprise, a Zero Trust Data Access (ZTDA) platform, provides secure sharing of confidential files within the app itself via secure encrypted channels, instead of sharing files via vulnerable email attachments or syncing and duplicating in the cloud, which increases the attack surface area. Authentication and authorization are strictly enforced before access and sharing are allowed, and access is granted on a per session basis.
Attachments, which clearly create a risk area, are a fundamental way for hackers to infiltrate a system, but through FileFlex Enterprise, IT controls sharing permissions and user permissions overall storage locations even to file level granularity. The administrative console includes a view of all activities of all users that can be monitored in real-time or exported to security incident event management software.
Access and Sharing can be revoked at any time on an individual contact, user, or file-by-file basis. In addition, double encryption will ensure that the transmitted data is encrypted all the way through from sender to receiver and can never be intercepted at the server level.
FileFlex Enterprise augments traditional perimeter-based security by always authenticating and always verifying all transactions all the time with a “never trust, always verify” model where access to data can be as granular as a single file protecting against unauthorized access to the organization’s infrastructure.
The Underlying Principles of ZTDA
The underlying principles of ZTDA are as follows:
- Grant micro-segmented access to data (as opposed to protecting a perimeter).
- Every transaction and every user is authorized and authenticated, every time.
- Access and Sharing policies can be customized on a user-by-user and file-by-file basis.
- All transactions by all users are tracked and monitored.
Other Benefits of ZTDA
Zero Trust not only delivers significant security improvements but also reduces costs and complexity while providing more peace of mind for business and IT leaders, as well as cybersecurity teams. At the same time, it provides a secure platform for the remote workforce with added productivity.
Given what is going at the moment with the Microsoft Exchange Server hacking debacle and other incidents, what is clear is that now is the time to explore, expand and accelerate Zero Trust initiatives. For more reading on zero trust and zero trust data access see “How to Meet NIST Guidelines for Zero Trust for Remote Data Access“, “Why Zero Trust and Why Now?“, and “How to Protect Your Data With Zero Trust Data Access“.