Using Zero Trust and Conditional Access Policies to Reshape Cybersecurity -- Security Today

Using Zero Trust and Conditional Access Policies to Reshape Cybersecurity

Eliminate trust based on location, such as within a company network, and always verify users at every access request.

By Yotam Gutman
Jul 26, 2019

Having a password that contained a random assortment of characters used to be considered the high-point of IT security.

And this system was optimal when all we needed was to be on the corporate network and were physically on-site. If traveling or working from home, a laptop and VPN would suffice.

But the ways that employees and corporations function have changed dramatically in the last ten years. We're much more mobile than we used to be, and no longer working with applications that only reside on the local server, but instead are sitting on the cloud. From a security perspective, the 'perimeter' is fast expanding, and we must update our approach to network security and access.

And users are inadvertently a risk to security:

4 percent of users will click on anything
28 percent of attacks involved an insider
Casual events caused 17 percent of breaches

Modern users are more mobile than before: Are VPNs still viable?

With the increased practice of cloud-based apps and mobile devices, users are not only more mobile but using personal devices for work at an increased rate.

Employees working from home and cafes
Contractors working offsite
Increased usage of mobile devices

The traditional method of using a VPN has too many disadvantages and security flaws to be viable. They give too much access and expose assets to the internet. Security experts instead recommend using zero trust VPN combined with conditional access.

What is zero trust and conditional access?

Zero trust is a cloud-based solution used to grant secure remote access to users while isolating resources such as apps and data from attacks and threats. It can be broken down into three main components:

Never trust—always verify
Successful access granted only after end-device authentication
Each access request is unique

Conditional access dynamically determines each access request in real-time instead of storing user credentials which may be outdated and granting access if the credentials are correct. This approach is no longer practical. What if the user inadvertently downloads a malicious app? What if their location has changed? There are too many variables for an identity-only approach.

Implied assumption of safety

The assumption of security comes from the adage that if the end-user is known and has the correct credentials, then they are not a threat. Conditional access takes into account multiple endpoint factors and provides real-time risk assessment. For instance:

Network - Is it a secured connection or unsecured, such as free coffee shop WiFi?
Operating system - The user may be missing a critical OS security update or no compliant OS
Location - Logging in from a suspicious location outside normal behavior
Device - Non-compliant devices from specific manufacturers may be blacklisted

These are just some of the holistic methods of conditional access. Dynamically checking each access request to preserve security by 'never trusting' and 'always verify.’

Do you need conditional access?

Attacks are at a record high, and we shouldn't assume that just because users are on a corporate network, they're secure. This was true 20 to 25 years ago, when only emails would leave the secured network and working offsite was a rarity, much less being able to connect to the network from outside the perimeter.

Today's attacks are much more sophisticated, and even two-factor authentication can be breached due to security flaws from the user. Fake emails, phishing scams are ever-present, and even customers at large banks fall prey to these attacks.

Integrating a zero-trust policy helps companies defend themselves from attacks by removing the assumption that the user can be trusted, to one of explicit verification.

Main takeaways

Networks that don't adapt their security approach will always remain vulnerable to attacks and breaches of data. Technology has evolved to a level of connectivity that mixes both work and pleasure across devices. Facebook, LinkedIn, OneDrive and other platforms can be accessed from nearly anywhere and on any device, expanding the security perimeter.

The only way to maintain security is to assume a zero trust policy combined with conditional access. Eliminate trust based on location, such as within a company network, and always verify users at every access request. Conditional access will further strengthen security by limiting access to high-value assets depending on the user profile at the time.

National Monitoring Center Secures Updated TMA Installation Quality (IQ) Certification
04/24/2024
PSA TEC 2024 Runs May 13-17 in Dallas
04/24/2024
Hanwha Vision Announces Support for Genetec Security Center SaaS Unified Solution
04/24/2024
ISC West 2024 Welcomed More Than 29,000 Attendees
04/17/2024
Evolon Introduces AI-Powered Video Monitoring Service 
04/17/2024
Resideo to Acquire Snap One to Expand Presence in Smart Living Products and Distribution
04/15/2024
Allegion US Features Interoperability, Mobile Credentials and More at ISC West
04/10/2024
Altronix Showcases Products to Protect Critical Infrastructure at ISC West
04/10/2024

Featured

Perimeter Security Standards for Multi-Site Businesses

When you run or own a business that has multiple locations, it is important to set clear perimeter security standards. By doing this, it allows you to assess and mitigate any potential threats or risks at each site or location efficiently and effectively. Read Now
New Research Shows a Continuing Increase in Ransomware Victims

GuidePoint Security recently announced the release of GuidePoint Research and Intelligence Team’s (GRIT) Q1 2024 Ransomware Report. In addition to revealing a nearly 20% year-over-year increase in the number of ransomware victims, the GRIT Q1 2024 Ransomware Report observes major shifts in the behavioral patterns of ransomware groups following law enforcement activity – including the continued targeting of previously “off-limits” organizations and industries, such as emergency hospitals. Read Now
- Cybersecurity
OpenAI's GPT-4 Is Capable of Autonomously Exploiting Zero-Day Vulnerabilities

According to a new study from four computer scientists at the University of Illinois Urbana-Champaign, OpenAI’s paid chatbot, GPT-4, is capable of autonomously exploiting zero-day vulnerabilities without any human assistance. Read Now
- Cybersecurity
Getting in Someone’s Face

There was a time, not so long ago, when the tradeshow industry must have thought COVID-19 might wipe out face-to-face meetings. It sure seemed that way about three years ago. Read Now
- Industry Events
- ISC West

Webinars

Hanwha Vision (formerly Hanwha Techwin), Salient Systems, Eagle Eye Networks Inc, Evolv Technology, Arcules, ZeroEyes

Shooter Detection: The First Line of Defense
Hanwha Vision (formerly Hanwha Techwin), Salient Systems, Arcules

Embracing AI-driven Access Control
HID Global

Unlock the Potential: Why Make the Shift to Mobile Credentials

Whitepapers

Genetec

How to Modernize Your Existing Security Systems Using Hybrid-Cloud
Eagle Eye Networks Inc

Are you ready for an on-site emergency? A practical checklist
Winsted Corporation

Top Considerations Designing an Ergonomic Control Room

New Products

EasyGate SPT SPD

Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles. 3
Camden CM-221 Series Switches

Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings. 3
HD2055 Modular Barricade

Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation. 3