Implementing a Zero Trust Policy for Your Network

As technology continues to evolve, so has the prevalence of cyberattacks and cybercriminals. Sophisticated methods of these cyberattacks and intrusions target the vulnerabilities of operating systems, networks, and devices, and are often undetected by antivirus software. Cybercriminals take advantage of the explosion of the Internet of Things (IoT), by sending out malware through emails, links, and downloadable files to network-connected devices. Companies have invested billions of dollars in cybersecurity, hoping to avoid the cyberattacks that pharmaceutical company Merck and England’s National Health Service have experienced. Cybercriminals are always looking for new ways to circumvent companies, and what has worked previously to prevent cyberattacks may not be enough the next time. The US House of Representatives Committee on Oversight and Government Reform recently issued a report containing a formal recommendation that federal agencies should adopt the “Zero Trust” principle created by Cambridge, Mass. firm Forrester Research, insisting that internal and external networks cannot be trusted.

Traditional network designs using zones and placing greater attention on protecting the zones furthest away from these “flat” networks is no longer enough. Malware penetrating these flat networks would be able to access anything within the network. Jeff Pollard, a principal analyst who specializes in cybersecurity at Forrester Research, explains that Zero Trust “makes so much sense today (because) networks no longer have an outside. The perimeter has disappeared and organizations of all sizes have multiple third-party connections, data-sharing agreements, hybrid cloud deployments and remote users. Relying on a model that assumes if you are inside the network you must be OK is a recipe for disaster.”

Pollard also states that the healthcare industry would benefit most from such a Zero Trust philosophy. Healthcare organizations require other partners and independent contractors for managing healthcare records and operating imaging equipment, in addition to other processes. Allowing access to networks via many different sources allows for malware to infiltrate these sources. When connected to a network, malware infiltrates these sources from the inside, allowing cybercriminals to hack patient files or hospital equipment housed by these healthcare partners and contractors. Implementing a Zero Trust policy on these networks will assist in alleviating cyberthreats to healthcare and other business organizations today.

Photo courtesy of http://www.healthcareitnews.com.