How to Implement Zero Trust Architecture
At a time when ransomware attacks and data breaches are inevitable, it’s clear a zero trust security strategy is your best defense. The principles of zero trust make perfect sense in theory, but how do you implement them in practice?
Myota Chief Product Officer Gabriel Gumbs shared these best practices for deploying zero trust architecture at the recent RSA conference.
What are the tenets of zero trust architecture?
Zero trust seeks to protect data by explicitly verifying each user and granting the least amount of access they need to do their jobs. This minimizes both external risks and insider threats. According to the National Institute of Standards and Technology (NIST), zero trust architecture includes these tenets:
- All data sources and computing services are considered resources
- All communication is secured regardless of network location
- Access to individual resources is granted on a per-session basis
- Access to resources is determined by dynamic policy, including the observable state of client identity, application and the requesting asset
- The enterprise monitors and measures the integrity and security posture of all owned and associated assets
- All resource authentication and authorization are dynamic and strictly enforced before access is allowed
- The enterprise collects as much information as possible about the current state of the network infrastructure and communications and uses it to improve its security posture
Managing these policies and protections looks a bit different depending on where the data lives, but it should always start with the data and extend to the infrastructure — not the other way around.
How do you deploy zero trust architecture?
Building a zero trust model starts by identifying the roles and responsibilities for anyone with access to data, including your employees, customers, vendors and any third-party applications or integrations you may be using. Each user should have access enabled through single sign-on, with multi-factor authentication. Here are some other important steps:
- Identify controls and policies between workloads and data
- Evaluate the type of access controls required from the data to customers, users and services
- Start with directory service controls, such as security groups, access control lists (ACLs) and discretionary access control lists (DACLs), which allow for a layered zero trust security approach you can manage from one central platform
- Implement separate privileged accounts for specific application use cases
- Use file monitoring and vulnerability scanning to identify issues within those environments (such as open S3 buckets or overly permissive access to a cloud storage account)
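One concrete form of that last step, as an added example that is not Myota's code: a small Python check that reads an S3 bucket policy document and flags the statements a zero trust access review should question (wildcard principals, wildcard actions, and public principals whose only limit is a Condition). The sample policy, account ID, bucket name and VPC endpoint ID are constructed placeholders.

```python
# Added example (not Myota's code): flag "open bucket" patterns in an S3
# bucket policy, the kind of overly permissive access the step above targets.
import json

# Constructed sample policy; account ID, bucket and VPC endpoint are placeholders.
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "AppWrite", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::123456789012:role/app-uploader"},
     "Action": ["s3:PutObject"], "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "AdminAll", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::123456789012:user/admin"},
     "Action": "s3:*", "Resource": "arn:aws:s3:::example-bucket"},
    {"Sid": "VpcOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*",
     "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-placeholder"}}},
]})


def _as_list(value):
    # Policy fields may be a single string/dict or a list of them.
    return value if isinstance(value, list) else [value]


def is_public_principal(principal) -> bool:
    # "*" and {"AWS": "*"} both mean anyone, including anonymous callers.
    if principal == "*":
        return True
    return isinstance(principal, dict) and any("*" in _as_list(v) for v in principal.values())


def find_permissive_statements(policy_json: str) -> list:
    """Return (Sid, reason) pairs that a zero trust access review should flag."""
    findings = []
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        sid = stmt.get("Sid", "<no Sid>")
        if is_public_principal(stmt.get("Principal")):
            if stmt.get("Condition"):
                findings.append((sid, "wildcard Principal; confirm the Condition limits callers"))
            else:
                findings.append((sid, "wildcard Principal with no Condition: bucket is public"))
        if any(a in ("s3:*", "*") for a in _as_list(stmt.get("Action", []))):
            findings.append((sid, "wildcard Action grants every S3 operation"))
    return findings


if __name__ == "__main__":
    for sid, reason in find_permissive_statements(SAMPLE_POLICY):
        print(f"{sid}: {reason}")
```

Run against a real policy document (for example, the output of the bucket's get-bucket-policy call), the same function gives a per-statement list to review against the least-privilege roles identified earlier.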
How does Myota simplify Zero Trust data protection?
While many of these best practices apply to any storage environment — including cloud storage, virtual desktops and software as a service — it can be complicated to manage them all without a centralized platform. Encrypting data on a desktop is different from deploying the same tactic in a cloud environment. And securing data in the cloud involves being aware of other factors like identity access management policies that can expose sensitive data if they aren’t properly configured.
Myota’s S3-compatible data storage secures unstructured data through a dynamic object storage interface that supports your cloud workloads, including applications, webpages and hyperconverged infrastructure. The patented platform combines user and device access controls with unique data micro-segmentation technology to enable organizations to overcome external and insider threats.
Myota’s data micro-segmentation and advanced dispersion go beyond standard encryption, rendering files unusable to attackers while letting your team easily recover them in the event of an attack or disaster.
The solution is easy for your team to deploy with no middleware or backup and easy for employees to use with no training. The Myota Console gives administrators full control to manage zero trust policies, including granting or revoking access to any user or device.
If implementing zero trust architecture is a high priority for your organization but you don’t know where to start, schedule a demo to see how Myota protects your data across storage environments without compromising accessibility or speed to innovation.