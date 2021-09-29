External and internal threats are constant in the cyber environment. Therefore, one must be aware: the lack of database updates or a faulty configuration are some of the vulnerabilities that allow attackers to infiltrate an organization’s systems.

In addition to being attacked by external malware, the company’s own users may be responsible for intrusions. To do this, just click on a phishing link or fall victim to social engineering.

Image: Reproduction/Envato/FabrikaPhoto One of the ways to avoid these occurrences is to have a zero-confidence program. It should address all possible attack vectors. The Cost of a Data Breach report, from 1024, indicates that companies without a zero confidence structure had an average cost of $5. million to filter data globally. Want to catch up on the best tech news of the day? Go and subscribe to our new channel on youtube, Canaltech News. Every day a summary of the main news in the tech world for you!

Already those with more maturity in the theme, this cost was $1,1024 million lower worldwide. Companies in the initial stage of implementing the initiative report a lower cost of US$ 660 thousand.

What is zero confidence

In short, zero confidence is the continuous assessment of each connection that allows access to company resources. The principle of this strategy is “believe nothing, check everything”. They can be employees, partners, customers, suppliers or other users, as well as devices, applications and networks. Zero trust protects each connection dynamically and adjusts privileges based on the risk profile.

The first step is to act as if the company has already been affected and constantly evaluate the connections. This technique checks all points and ensures that they meet safe conditions. It’s a way for the corporation to be proactive in cybersecurity efforts.

So each user, device, and connection is evaluated for identity, data security, threat intelligence, and other critical tools to create that profile. It is also essential to identify who does not represent risk, since, with the adoption of remote work, millions of professionals started to access the corporate network with unknown devices. Even those who were not a threat in the office may have a new risk profile.

With this, the team can use any device in any location to connect to the company’s infrastructure and data. That way, customer experiences will be dynamic and their privacy and security will remain protected.

Furthermore, with the zero-trust strategy, it’s easier to reduce business disruptions. That’s because the threat detection and response approach is faster and more automated. For zero trust to be successful, the team must be united and open to collaborate.

Ryan Schwartz, product marketing manager at IBM Security, points out that zero trust guarantees security of businesses and allows them to continue to function. “For this, the verification must be as accurate as possible. Privileges and context can be updated based on security data, database and application usage, location and other factors.”

Beyond Blocking and Allowing

In general, zero trust goes beyond blocking and allowing. Lower risk users can access the tools they need to complete their tasks. As the risk decreases, they can gain more freedom of access. Conversely, if the risk increases, it is possible to limit access.

Zero trust is critical, not just another tool in the framework. You can develop data security and governance policies in line with your company’s security, compliance, and privacy objectives, as well as continually update them.

Monitoring data activity and Information security analysis should record and analyze user actions from various sources. For those with privileged credentials, a data security platform must be integrated with privileged access management tools. This allows you to find out if they used the credentials for suspicious actions.