Australia, Mar 26, 2024
Published by Logicalis Australia
Author: Tim Davoren
Building a Zero Trust Culture at Work
The way we work together in modern business has changed in recent years. We're increasingly relying on collaboration and co-delivery with partner organisations to achieve business goals and remain competitive. Sharing technology and access is needed to get the job done, but how much should we trust our own resources as well as those of other organisations? That's where the principles of zero trust security come into play.
What is zero trust?
The notion of "zero trust" is a security assurance philosophy emphasising that no person or entity, either inside or outside the network, should be considered trustworthy unless their identification has undergone a comprehensive verification process. Stephen Paul Marsh first created the term in 1994 in his thesis on computer security, where he looked beyond human factors to quantify trust in mathematical terms. The expression shares a similar sentiment to the “trust, but verify” phrasing used by U.S. President Ronald Reagan when talking about nuclear disarmament with the Soviet Union.
In 2010, Forrester researcher John Kindervag popularised the term by outlining a security model where organisations never automatically trust anything inside or outside their security perimeter. His approach called for stricter access control and continuous verification, which continues to be a hallmark of today's zero trust principles.
Rather than focusing on a single strong outer perimeter to keep threats out, zero trust recognises that threats can also come from within. A zero trust approach requires continuous verification, stricter access control on an as-needed basis and the creation of smaller protected zones within a network. These controls and layers help safeguard against threats and limit the impact and spread should a threat breach the outer perimeter.
Adopting zero trust security across an organisation is neither a simple nor speedy process. To succeed, it requires considerable buy-in from leaders and teams that can have competing interests within an organisation. It's an ongoing commitment to security where some trade-offs to freedoms or performance need to be made, with the understanding of how it improves the overall security posture of data, networks and technology.
As global cybersecurity concerns continue increasing, many governments, businesses and organisations are switching to zero trust practices to protect their data, networks and technology. In 2021, the U.S. Government ordered its agencies to switch to zero trust architecture in line with national technology standards. Closer to home, the Australian Government has said it will develop a whole-of-government zero trust culture as outlined in its latest cybersecurity strategy.
Zero trust at work in the Essential Eight
The Australian Government, through the Australian Signals Directorate (ASD), curated the Essential Eight, a list of the most effective strategies to protect organisations from cyber-attacks. Some zero trust principles already align with the Essential Eight and give an added reason for organisations to pursue both. These include:
- Patching applications and operating systems
Both zero trust security and the Essential Eight emphasise the importance of keeping software up to date. Exploiting outdated software vulnerabilities is a common attacker tactic. Zero trust's focus on least privilege and micro-segmentation can limit the damage even if a vulnerability is exploited. However, timely patching remains crucial for preventing breaches in the first place.
- Implementing multi-factor authentication
Zero trust strongly advocates for multi-factor authentication (MFA) methods that require user interaction through challenge and response codes, adding an extra layer of security beyond passwords. Similarly, the Essential Eight mandates MFA for privileged access and remote desktop protocols. This shared emphasis on MFA makes it significantly harder for attackers to gain unauthorised access, even if they steal credentials.
- Greater application control
Zero trust's principle of least privilege translates to restricting users and applications to only the resources they need. This aligns with the Essential Eight's recommendation of using application whitelisting to block unauthorised applications. By only allowing trusted applications to run, the attack surface shrinks, making it harder for malware to infiltrate the system.
- Hardening user application settings
Both approaches advocate for hardening user applications to disable unnecessary features and functionalities that could be exploited by attackers. This could involve disabling macros in Microsoft Office applications, as recommended by the Essential Eight, or restricting browser extensions and plugins within a zero trust framework. In the near future, even application control that currently relies on code signing for verification will be extended to require continuous certificate checks.
Implementing zero trust principles and a zero trust culture
As indicated above, implementing zero trust across an organisation is no small feat. It requires dedication, persistence and considerable buy-in from stakeholders across the business. Building an organisation-wide security culture is essential for the ongoing success of the zero trust approach.
Aside from implementing specific infrastructure, access controls and updating processes, team members also need to be considered and provided with adequate levels of training. Understanding how they can help maintain overall security makes them more likely to support the additional processes required for continuous verification and identity management.
This is where technology providers like Logicalis can help provide support as a trusted security partner. With expertise across major business technology platforms, tools and processes, such as Microsoft Azure, Logicalis can help ensure your zero trust plans stay on track. The Zero Trust Assessment Framework from Logicalis helps customers explore zero trust across devices, identity, network, applications, collaboration and data. These exercises draw on globally recognised frameworks for Zero Trust to assess current approaches and allow Logicalis to provide recommendations matched to each customer’s business, maturity level and budget considerations.
In Australia, the Logicalis team help clients design solutions and implement Essential Eight and zero trust principles across their networks, data and technology. These include implementing Identity Access Management, to network segmentation, to ensuring data security and integrity. Aside from developing specific projects and solutions, Logicalis also offer continuous monitoring and round-the-clock threat detection through its Managed Services team.
Contact our team if you'd like to learn more about zero trust architecture and how it can help your organisation improve its security posture.
Related Insights
Australia , Apr 15, 2024
Logicalis named Australian Microsoft Leader
Logicalis has been named leader in two quadrants of the ISG Microsoft ecosystem report.
Australia , Apr 15, 2024
Top tech trends in cybersecurity spearheading digital change
Cybersecurity is an essential consideration for any organisation undergoing digital transformation. While the focus on cybersecurity in Australia has undoubtedly increased due to rising cybercrime and several high-profile attacks, current trends are causing businesses to rethink their approach.
Australia , Apr 1, 2024
A decade of insight reveals the future of tech leadership in the Logicalis Global CIO Report 2024
In the ever-changing landscape of tech leadership, we are pleased to deliver the first Australian CIO Report, offering a localised perspective on the global findings.
Australia , Mar 7, 2024
Make Cyber-attacks Harder with Application Hardening
For a head of IT or a Chief Security Officer, there's nothing greater than power and control, except perhaps for coming in under budget and on time for a project.
Australia , Dec 8, 2023
ChatGPT and AI chatbots – Is my organisation at risk?
Learn from our Logicalis Australia experts about how ChatGPT and AI chatbots could either enable or shake-up your business processes.
Australia , Dec 8, 2023
IT Ops isn’t changing…it’s changed
For years, the management of IT has been moving away from reactive BAU support (break-fix) and moving towards a more proactive support model. For some organisations the change is still happening; however, for the vast majority, the change has already occurred.
Australia , Nov 13, 2023
Logicalis named 2023 Cisco Global Enterprise Networking and Meraki Partner of the Year for the second consecutive year
Last week, we proudly received the 2023 Cisco Global Enterprise Networking and Meraki Partner of the Year award during Cisco’s annual Partner Summit. The award recognised Logicalis' global capability in Enterprise networking, with Logicalis Portugal receiving a special mention for their standout contribution to driving Intelligent Connectivity managed services to customers in Portugal.
Australia , Nov 13, 2023
Logicalis named inaugural 2023 Cisco Global Sustainability Partner of the Year
Last week, we were honoured to receive the inaugural 2023 Cisco Global Sustainability Partner of the Year award during Cisco's Global Partner Summit event in Miami. This prestigious accolade acknowledges Logicalis' exceptional sustainability achievements and success in helping customers reduce the environmental impact of their digital ecosystems across the globe.
Australia , Oct 24, 2023
Choosing the right MSSP -Top 5 credentials to look for when selecting a Microsoft Managed Security Services provider (MSSP)
Our recent CIO survey shows over half of respondents plan to increase their risk management investment. They also consider malware and ransomware significant risks that their organisations will face in the coming year.
Australia , Sep 21, 2023
The power of next generation connectivity
To be able to succeed, leaders need to create environments that can adapt to maximise opportunities, mitigate risks and most importantly be able to scale both securely and sustainably. The key to this is connectivity.
Australia , Aug 9, 2023
Logicalis celebrates incredible growth of Microsoft performance
FY23 has been an extraordinary year for Logicalis’s Microsoft partnership. We’ve seen 60% year-on-year growth reflecting our unwavering commitment to helping customers deliver business value through digital transformation.
Australia , Jul 10, 2023
Employee Burnout: Addressing the Root Causes and Empowering Leaders to Combat It
Employee burnout has become an increasingly alarming concern in recent years, and the COVID-19 pandemic has only exacerbated the issue. With the pandemic forcing many employees to work remotely, isolation and blurred boundaries between work and home life have led to a significant increase in burnout cases.
Australia , May 12, 2023
Introducing our Managed Digital Fabric Platform
Hear from Logicalis CTO, Toby Alcock, as he describes the challenges customers are facing and how our Digital Fabric Platformm can enable them to drive business outcomes.