Industrial Cybersecurity

How Zero Trust Security Stands Up to Data Theft

Christian Bücker

Providing external network access to corporate resources is now a commonplace business practice. Devices used by employees and third parties worldwide can access cloud services, email applications and other confidential corporate resources 24/7—which means criminals can target these different locations to deploy malicious ransomware.

 

The security concept of zero trust puts the brakes on this problem. Based on the philosophy of not trusting a device or user before secure authentication has taken place, zero trust focuses on resources instead of classic perimeter security, which takes place at the interface of a private or corporate network and a public network, such as the internet.

 

Because services and data are no longer managed locally, setting up a local network and protecting it with a firewall only works to a limited extent in today’s world. Employees must be able to access company tools and data using all endpoints and apps.

 

Cloud services outside the firewall have become important components of flexible environments where people work from home offices, coworking spaces and any location in the world with internet access.

 

The work environment is undergoing a disruptive change from the traditional, five-day work week with compulsory presence to flexible, individual working models with completely new demands.

 

This significant transformation is accompanied by technological advances in communication. Digitalization enables employees to network globally, share data, collaborate on topics across locations and achieve higher productivity; however, this work structure also involves inherent risks. It makes companies more vulnerable to cybercriminals and external and internal attackers.

 

Attackers cease to focus solely on a company’s office environment; cybercriminals are increasingly focused on disrupting production processes and supply chains as well.

 

Digital tools need IT security to enable employees to work together efficiently and securely from anywhere. Zero trust makes it possible to guarantee data security and meet modern network security requirements.

 

Any Device Can Be the Target of an Intrusion

 

While company investments in IT security grow, the measures taken are often not sufficient to provide genuine security against intrusion by unauthorized persons.

 

According to analysis by Bloomberg Intelligence, cybersecurity spending could surpass $200 billion by 2024, but cybercrime could still cost the world up to $10.5 trillion annually by 2025.

 

Whether they’re iPads, laptops, smartphones, surveillance cameras or medical devices, any device can be a target for criminals.

 

The concept of zero trust relies on restriction and monitoring and eliminates implicit trust. This approach is similar to tactics used by macmon secure’s Network Access Control (NAC) solution.

 

It allows only defined devices to access the network. IT administrators always know which endpoints are logged into the local network and can permanently identify and efficiently monitor them with a comprehensive and complete network overview.

 

Network access control also helps customers locate network misconfigurations, uncover unknown devices, pinpoint network weaknesses and identify and monitor endpoints to prevent unauthorized access. If a device is not authorized to be in a respective network, then it is denied access from the very beginning. This makes unauthorized use of IT systems almost impossible.

 

Achieving Zero Trust with macmon Secure Defined Perimeter

 

Companies increasingly face the challenge of having to integrate flexible forms of collaboration into security strategies. Network security isn’t a fixed state you achieve once and simply work to maintain over time.

 

In order to take these dynamic work-environment developments into account, macmon secure added macmon SDP (Secure Defined Perimeter) to its proven NAC solution. It extends the zero trust network access (ZTNA) strategy to cloud resources and provides a holistic security approach to control endpoints and users.

 

To check the identity of a user, their device and its security status, an SDP agent takes over the authentication toward an SDP controller. The SDP controller operates in a highly secured, ISO 27001-certified data center. If authentication is successful, then the agent is informed as to whether the user has access rights to company resources—and which resources those are.

 

In contrast to classic VPNs, both the user and agent authenticate themselves at the controller with SDP. Only when both are recognized as valid is access to the network granted.

 

After successful authentication, the user can reach all required resources via single sign-on for cloud applications, the SDP cloud gateway for cloud data centers or local SDP gateways to internal resources.

 

Thanks to precise segmentation, the system decides who’s allowed to reach which internal resources with which device. It also takes over intelligent control of communication routes. This avoids bandwidth bottlenecks and ensures the lowest possible latencies. Every single access to company resources—whether within the company network or in the cloud—is checked. This is zero trust.

 

macmon SDP also offers another advantage over virtual private networks: the individual definition of policies at the user and device levels.

 

Today, corporate networks are usually multi-layered. macmon SDP reduces that complexity. The ground rules are clear and specified on a company-specific basis, and the effort is kept within limits compared to other approaches that manage access authorization.

 

Security settings define whether availability is granted when identity features and security configuration are fully compliant—or if availability is restricted. For example, perhaps sensitive data about product development or production planning can only be accessed by a restricted group of users with defined endpoints while less-sensitive resources, such as marketing materials, are available to valid users with third-party devices.

 

SDP Available as SaaS to Minimize Maintenance

 

macmon SDP is offered as software as a service (SaaS), which minimizes required maintenance and keeps operating costs low. No hardware investments are necessary. At the same time, the solution is highly scalable.

 

macmon SDP is hosted in Germany in an ISO-certified data center. Support is provided by a dedicated and experienced multi-language support team.

 

With macmon secure’s zero trust network access approach, secure access to corporate applications, data and services is only granted after successful proof of authorization based on clearly defined access control policies.

 

Learn more about macmon secure’s SDP Suite, a zero trust network access solution.