In our previous article in the Zero Trust series, we looked at an overview of what a Zero Trust network is and how it works. Now it’s time to get into the nitty gritty of how you can architect your own Zero Trust network. Don’t worry, it’s not scary!
Ready? Then let’s dive in to the three key steps you must take when designing your Zero Trust architecture model.
Usually, architecting your IT consists of stretching a one-size-fits-all model to cover your specific data and needs. Zero Trust is different because your architecture will organically grow to fit your data precisely. No two Zero Trust security architectures will ever be the same.
The steps are:
Your “protect surface” is everything you want to protect. It contains all of your business’s digital assets, including your sensitive or proprietary data, your Word/Excel/PowerPoint/Access files, your line-of-business and accounting apps, and your CRM data. You can assume that everything outside of your protect surface is unsecured.
It’s usually pretty easy to ID what your most sensitive data is and many organizations can figure out their top assets and apps… but you may need some help figuring out what your crucial IT services are.
Next, you need to get a good idea of who or what is accessing your data, and why. Remember, “traffic” is more than just people – it’s also all the other apps, services, and data that access or link to the items in your protect surface. All those little interdependency details are what create the backdoors and security loopholes you’ll want to close up.
To do this best, you’ll want to monitor every packet that moves across your protect surface. That way, you can determine the source of those packets and close any gaps in your overall cybersecurity. After completing this step, you’ll understand which traffic makes sense for your needs and which traffic is suspicious.
Your Zero Trust protect surface guards your sensitive data with extra security measures, keeping your data safe on any device and in any location. As your data grows day-by-day, your protect surface should also grow with that expanding data. To keep your protect surface growing properly, you’ll need to design and implement a Zero Trust plan that includes detailed rules, controls, permissions (ACL changes), firewall policies, and more.
Here’s the tricky part: Once you’ve created your plan for rules and controls, you need to apply them to your ever-expanding data, so you can maintain your protect surface and your Zero Trust setup. This takes implementing a Zero Trust setup that touches all of your firewalls, routers, switches, software firewalls, and AV equipment (along with every single other piece of tech you have) to lock down your protect surface.
You could spend hundreds of man-hours to accomplish this… or you could deploy newer, smarter toolsets that effectively do all the work for you. Why make things hard on yourself when you can use handy software tools like Microsoft Intune + Azure along with EDR Antivirus or a Managed Detection and Response (MDR) solution to make this process much easier?
If the easy route sounds like the best option for your needs, all you have to do is work with an MSP that is experienced with Zero Trust methodologies. Zero Trust providers can create a flexible, automated system for you that expands and evolves all the time, so you can ensure that your business data stays secure – in all places and at all times.
After you have designed and implemented your Zero Trust architecture, your next step will be to maintain it. We’ll discuss that in the next article in this Zero Trust strategy series, “How to Maintain Your Zero Trust Network.”
For nearly 20 years, the friendly IT experts at Interplay have helped Seattle-area business leaders solve all their business tech and IT issues quickly. If you’ve had concerns about how WFH and remote working has affected your cybersecurity, Interplay can determine the answers for you – and fix any problems fast!
Best of all, the downright-awesome team at Interplay can also help answer all your IT questions and support queries, beyond just cybersecurity. Wondering, “How do I SharePoint?” We’ve been answering that a lot lately for clients new to WFH, and we’re so totally happy to help you figure out your WFH and remote tools as well.