3 ways to secure devices accessing your company using Zero Trust framework

Cybersecurity-Consultant
3 min readMar 1, 2021

Zero Trust is a cybersecurity framework that companies should use to secure their network. The term was coined by John Kindervag in 2010 and is summed up as "Never Trust, Always Verify": every time a user, device, or piece of data requests access to a resource, its identity and authorization are verified, regardless of where on the network the request comes from. Being inside the perimeter no longer earns trust; it is treated as a potential vulnerability, because threats can be internal (e.g. a disgruntled employee who is about to be fired) as well as external (e.g. state-sponsored hacking).

Here are three ways a company can secure devices accessing its network while implementing Zero Trust:

1. Identify managed and unmanaged devices

With today's changing working environment (a.k.a. the famous WFH), not all devices are connected to the company's secure Wi-Fi. Unless a company has very strict IT policies, the line between personal and professional work devices is blurring. Companies should therefore identify which devices pose a risk, which starts with knowing which devices they actually control.

There are two main types of devices in a company’s network:

Unmanaged devices (or BYOD) are completely controlled by the employees. That means the company's IT team cannot always install the security agents, patches, or configuration needed to secure the device, and usually cannot verify its state.

Managed devices are controlled by the company, with employees having limited control. These devices are more secure because the company's IT team patches them regularly and enforces a security baseline. The user accessing the device can also be tied to the device (with the exception of a stolen device, which is why device posture and user identity should both be checked).

The NIST Cybersecurity Framework should be used as a standard to identify all the devices on the network. Its Identify function (the Asset Management category, ID.AM) calls for every physical device and system in the organization to be inventoried, which is the baseline needed to tell managed devices from unmanaged ones.

2. Secure unmanaged devices using network segmentation and isolation

Unmanaged devices can be a security pain point. Companies don't know whether the device's software carries any vulnerability or is already compromised. Under Zero Trust, unmanaged devices are not trusted even once they are inside the network and have proven their identity. These devices should be placed in their own network segment, with a default-deny policy between that segment and the rest of the network, so that their traffic can be monitored continuously for threats. This isolation also makes automating threat response (for example, cutting a device off from the quarantine segment) and enforcing security policies easier.
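The following is an added example for steps 1 and 2 above, not code from the original article. It classifies devices seen in DHCP leases as managed or unmanaged by checking them against a UEM/MDM inventory, flags locally administered (randomized) MAC addresses that phones and laptops commonly use, and then emits an nftables ruleset that keeps the unmanaged segment isolated. The lease lines, inventory, interface names (`vlan10`, `vlan20`) and gateway/DNS addresses are all constructed assumptions for the example.

```python
"""Classify DHCP clients against a UEM inventory and isolate unmanaged ones.

Added example (not from the original article). All sample data is constructed.
"""
import re
from dataclasses import dataclass

# Constructed sample: ISC dhcpd-style lease lines, format simplified.
DHCP_LEASES = """\
lease 10.0.10.21 { hardware ethernet 3C:22:FB:12:34:56; client-hostname "LT-ACCT-007"; }
lease 10.0.10.22 { hardware ethernet 3c:22:fb:ab:cd:ef; client-hostname "LT-ENG-019"; }
lease 10.0.10.23 { hardware ethernet 2A:9F:00:11:22:33; client-hostname "iPhone"; }
lease 10.0.10.24 { hardware ethernet 00:1A:2B:3C:4D:5E; client-hostname "desktop"; }
"""

# Constructed sample: MACs the UEM/MDM inventory knows, keyed upper-case.
UEM_INVENTORY = {
    "3C:22:FB:12:34:56": "LT-ACCT-007",
    "3C:22:FB:AB:CD:EF": "LT-ENG-019",
}

LEASE_RE = re.compile(
    r'lease (\S+) \{ hardware ethernet ([0-9A-Fa-f:]{17}); client-hostname "([^"]*)";'
)


@dataclass
class Device:
    ip: str
    mac: str            # normalised to upper-case
    hostname: str
    classification: str  # "managed", "unmanaged" or "unmanaged-randomized"
    segment: str         # "corp" or "quarantine"


def is_locally_administered(mac: str) -> bool:
    """Bit 1 of the first octet set => locally administered address.

    Randomised MACs on phones and laptops set this bit, so the hardware
    cannot be matched to an inventory entry and must be treated as unknown.
    """
    return int(mac.split(":")[0], 16) & 0x02 != 0


def classify(lease_text: str, inventory: dict) -> list:
    """Return one Device per lease, assigned to the corp or quarantine segment."""
    devices = []
    for match in LEASE_RE.finditer(lease_text):
        ip, mac, host = match.group(1), match.group(2).upper(), match.group(3)
        if mac in inventory:
            cls, seg = "managed", "corp"
        elif is_locally_administered(mac):
            cls, seg = "unmanaged-randomized", "quarantine"
        else:
            cls, seg = "unmanaged", "quarantine"
        devices.append(Device(ip, mac, host, cls, seg))
    return devices


def nft_ruleset(devices: list, corp_if: str = "vlan10", quar_if: str = "vlan20",
                gateway: str = "10.0.0.5", dns: str = "10.0.0.53") -> str:
    """Build an nftables ruleset: default-deny forwarding, managed MACs only
    out of the corp VLAN, quarantine VLAN limited to DNS and the
    identity-aware gateway, everything else from quarantine logged and dropped.
    Interface names and addresses are assumptions for the example."""
    managed = sorted(d.mac.lower() for d in devices if d.segment == "corp")
    set_lines = ["  set managed_macs {", "    type ether_addr"]
    if managed:  # nft rejects an empty 'elements' list, so only emit it when populated
        set_lines.append("    elements = { " + ", ".join(managed) + " }")
    set_lines.append("  }")
    rules = [
        "  chain forward {",
        "    type filter hook forward priority 0; policy drop;",
        "    ct state established,related accept",
        f'    iifname "{corp_if}" ether saddr @managed_macs accept',
        f'    iifname "{quar_if}" ip daddr {dns} udp dport 53 accept',
        f'    iifname "{quar_if}" ip daddr {gateway} tcp dport 443 accept',
        f'    iifname "{quar_if}" log prefix "zt-quarantine-drop " drop',
        "  }",
    ]
    return "\n".join(["table inet zt {", *set_lines, *rules, "}"])


if __name__ == "__main__":
    found = classify(DHCP_LEASES, UEM_INVENTORY)
    for d in found:
        print(f"{d.ip:<12} {d.mac}  {d.hostname:<12} {d.classification:<22} -> {d.segment}")
    print(nft_ruleset(found))
```

Write the generated ruleset to a file and validate it with `nft -c -f <file>` before loading it with `nft -f`. Matching on MAC addresses is only a first cut: MACs are trivially spoofed, so in a real deployment the managed set should be replaced or backed by something the device has to prove, such as a device certificate issued by the UEM (802.1X/EAP-TLS), and the quarantine rules should send unmanaged traffic through a gateway that checks user identity on every request.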

Some common tools to identify unmanaged devices:

3. Secure managed devices using Unified Endpoint Management (UEM)

According to ManageEngine, Unified Endpoint Management software enables organizations to "easily push out device policies, applications, and environments, meaning devices go from out-of-the-box to in-use faster and with better baselining". This centralized platform secures and tracks managed devices in a cost-effective manner and, because it reports each device's patch level and configuration, gives the access-control layer the device posture it needs to decide whether to grant access.

Some common UEM software —

In conclusion, under the Zero Trust framework, whether a device is known or unknown to the company network, it should not be trusted by default: every access request is verified against the identity of the user and the state of the device.
