nasscom Community

How zero-trust approach can help SMBs focus on growth without losing sight of security

3 Mins read

Ransomware or malware doesn’t necessarily discriminate among small or big businesses. Unscrupulous elements may prey upon anyone who has kept doors to their internal networks ajar.

Small businesses often compromise their network security due to budget and resource constraints, whereas, contrary to the popular understanding, it’s a security breach that very few small businesses can afford.

For small businesses, it has become critical to adopt a zero-trust approach, without worrying about a trade-off between security and money, to avert cyberattacks and keep growing. Using zero-trust architecture, they can provide secure remote access to employees, contractors, associates, vendors and partners to run their business at scale, without undermining the security aspects.

No need to compromise growth or agility for security

Agility and speed are synonymous with SMBs or startups, which move swiftly to accelerate growth. With their insatiable urge for expansion, they venture into new territories, headhunt bright minds from anywhere, join hands with new partners and investors. New employees, vendors, contractors working from multiple locations need to access business applications, data and internal services. Popular perception is that the heightened security would slow down things. Multiple checks would lead to poor user experience and low productivity, often prompting SMBs or startups to compromise with security to ensure smooth operations.

Traditional ‘trust but verify’ is not enough to protect boundaryless corporate networks

The growing demand for mobility and flexibility is increasing pressure on IT. Today, users access internal applications from remote locations or on the go, switch devices at will and connect via mobile or personal networks to perform their roles anytime. Data is stored in the corporate datacentre, private or public clouds or in a mixed environment. This increasing interconnectivity and complexity with endless dots to secure can render even the best of enterprises vulnerable.

With an expanding threat landscape and regulatory requirements becoming stringent, IT has been playing “catch-me-if-you-can” game. As the number of users, devices and connections rises, finding gaps in the traditional security architecture becomes easier for ever-evolving attackers.

What is the zero-trust model: Never trust, always verify

The zero-trust approach helps reduce the threat landscape by implementing checks to localize and isolate threats to minimize the impact of any kind of security breach in the network. Though it is still in its early stage of adoption, it has some key benefits:

  • Reducing the threat landscape
  • Move over to proactive security from reactive security
  • Limit the ill-effects of a security breach
  • Lessen the burden on IT teams by implementing a series of checks in place

How to implement the zero-trust architecture

The model includes multiple measures aimed at securing every access request coming from each endpoint every single time, without undermining the productivity or user experience. The zero-trust approach essentially takes care of three key aspects: people, device and context.

  • Identify every time an access request is raised by anyone, without fail. Enable strong authentication using static and dynamic passwords.
  • Identify the device every time a user is trying to access an internal application. User device signature or hardware component identification, IP addresses, user location, end-point security level, etc. should be assessed.
  • Understand the context to assess the need for access. Define strict security policy for granting or denying access. If required, demand more authentication whilst dealing with an unusual access request: all these in real-time.

Even after the user identity is established and device health is determined, the user should not be given any unlimited access. The need and the extent of access must be determined based on roles, responsibilities, user behaviour and activities.

With an expanding threat landscape and regulatory requirements becoming stringent, IT has been playing “catch-me-if-you-can” game. As the number of users, devices and connections rises, finding gaps in the traditional security architecture becomes easier for ever-evolving attackers.

This blog was first published on Accops’ Blog.

The post How zero-trust approach can help SMBs focus on growth without losing sight of security appeared first on NASSCOM Community |The Official Community of Indian IT Industry.