3 strategies to move left of breach
- By Michael Crouse
- Sep 01, 2021
Data breaches continue to grow in cost and frequency, casting a shadow of inevitability over government security. While having a clean-up plan is prudent, government organizations especially should not give up on moving left of breach -- a phrase that refers to detecting and preventing potential breaches, not just reacting to ones that already happened.
How can agencies move left of breach? By implementing zero-trust architecture. In simplest terms, zero trust requires continuous verification, as it assumes any user or device could represent a potential threat -- a logical assumption in a world where workers are increasingly remote. A recent Ponemon research report that surveyed over 600 government IT pros found that while 83% said zero-trust architecture is important to improving their security posture, less than one-third had one.
In May, President Joe Biden released an executive order mandating federal agencies plan their transition to zero trust; however, many don’t know where to start. The following three strategies will help federal agencies advance toward zero trust in a bid to move left of breach.
1. Assess infrastructure gaps. The Department of Defense breaks zero trust into seven pillars, or focus areas, and the first five pillars -- user, device, network/environment, applications/workloads and data -- are useful for assessing infrastructure gaps and silos. Users are key to zero trust, and for good reason. Most agencies understand the importance of identity access management capabilities like multifactor authentication, which allows an organization to enable the right individual to access the right resource at the right time for the right reason. However, as the DOD’s zero-trust architecture outlines, there are other crucial components: securing devices (including real-time patching), segmenting networks (logically and physically), managing applications and compute containers, and having a comprehensive data management strategy (e.g., encrypting data at rest and in transit). To truly move left of breach, authentication must occur at each of these points. Department heads and stakeholders must come together to assess what technologies are in place for each pillar and ensure that there are no security gaps within the entire infrastructure.
2. Generate a trust score. Thinking of users, devices, networks, applications and data separately is a useful exercise for ensuring each is covered. However, zero trust doesn’t stop there. The sixth pillar is visibility and analytics, and it relies on input from the first five. Agencies need a tool that operates as the “brain” of their zero-trust architecture. By understanding activity baselines and normal behavior, the brain can quickly detect anomalous behavior that might represent a threat. With visibility and analytics, agencies can continuously evaluate how trustworthy users and their actions are, creating holistic risk scores for each user. This granular level of analysis is crucial to zero trust, as it allows for similarly granular policy controls to quickly prevent a breach.
3. Dynamically adjust policy. Once the first five pillars are integrated with an analytics tool to generate real-time holistic trust scores, those scores must be fed back to control points, including those at the edge. If users start to demonstrate behaviors that are less trustworthy, the system must be able to receive those analytics and dynamically adjust access. If users are accessing data they shouldn’t be, for instance, security professionals with access to mitigation technologies like data leak prevention can take the appropriate action to minimize the risk of inadvertent or malicious data spills. Actions could include prompting users for additional authentication, encrypting the files before transmitting or blocking access to the files entirely. This process should be automated because in the blink of an eye, the breach could be over. Dynamically adjusting policy based on entity (user or device) trust scores helps agencies react to threats -- malicious or accidental -- fast enough to make a difference.
To truly move left of breach, agencies must implement zero-trust architecture. With people and data everywhere, gaining visibility itself is hard, much less developing analytics and automation. No wonder zero trust feels like an enormous undertaking to so many. By following these recommendations, agencies can be well on their way to moving left of breach.
Michael Crouse is director, enterprise user and data protection, global governments and critical infrastructure, at Forcepoint.