Today, the modern workplace can no longer be defined. We work anywhere, with various cloud platforms such as Microsoft 365, SalesForce... and access company data from multiple devices. Even interactive displays in meeting rooms, smart thermostats, solar panels... Everything comes into contact with the network.
Users and devices are thus constantly inside and outside the company's physical and virtual boundaries. The question then becomes: how do you secure such an environment?
Today, we only work with the Zero Trust strategy
This implies that no device nor user is simply trusted and only strictly necessary access is explicitly granted. With Zero Trust, every activity is scrutinised based on the following core principles:
- Explicit verificationit repeatedly authorises the user based on various parameters, such as identity, location, network and/or device status (e.g. is all software up to date? is there TPM...).
- least-privileged access
rights of users are limited to the minimum data and systems required to perform their tasks.
- Assume breach
We always assume that a hack has occurred or will occur. Proactive measures are constantly being taken to mitigate potential damage.
An example: via phishing your CFO's password was stolen, and via SIM-Swapping, the two-stage authentication was also bypassed. Normally, the hacker would then be inside. But with Zero Trust, location is also taken into account. Is the 'user' in another country or outside trusted networks? Then access is still barred. A USB dongle can also be provided that must be connected to gain access.
Suppose -in the worst case scenario- that a hacker were still to get in and inject malware into known software, it stings EDR this again immediately. This solution closely monitors every software activity, even that of trusted programmes, and blocks all suspicious activity by default. Never trust, always verify...
Zero Trust in your organisation?
Zero Trust is thus a collection of carefully configured security policies enforced across the organisation: from identity to device, from network to data, from business floor to cloud...
Every company is different, so it is important to tailor this strategy to your needs. For this, you can rely on our security experts. We have already set up hundreds of zero trust environments and apply our broad knowledge from Firewalls to EDR to Microsoft 365.
Want to know more about Zero Trust?
We recently organised a extensive webinar by our Microsoft 365 specialist (softly spoken) Jente Vandijck which you may rewatch for free. It is only 34 minutes long, but tells you almost everything you need to know. 'Ask' via this link.
Also, through a Security audit your environment under the microscope. We are here for you!