"Doveryai, No Proveryai" ("Trust but verify") is a Russian proverb, which became the catch phrase of Ronald Reagan during his nuclear disarmament negotiations with Mikhail Gorbachev.
It was not so long ago that all resources and users were inside the network perimeter. Network security, and an antivirus on endpoints, were pretty much everything we needed.
The cunning Ulysses has already demonstrated the limits of this approach.
We live in a new reality and we can no longer believe that everything that happens behind the business firewall is safe.
This is where the Zero Trust model comes in.
It has been more than a decade since John Kindervag, then at Forrester, introduced the concept "Never trust, always verify". Or, as Joseph Stalin is said to have put it: "I trust no one, not even myself".
This approach was adopted by all IT industry players, including Microsoft, NIST, Google and Fortinet.
Zero Trust represents an essential change in security strategy, needed to adequately meet major changes in:
The Zero Trust concept includes the following three principles:
Zero Trust is at once a model, a state of mind and a plan of action. As such, the roadmap is specific to your company.
You should aim, in stages, to:
Of course you should always start by identifying your vulnerabilities through audits, then after analysis and depending on your risk tolerance, determine your action plan and its steps in order of priority.
It is obvious, however, that the urgency is to secure identities and devices since these two surfaces are today the most attacked and constitute your greatest risks.
At this very moment, cybercriminals are taking advantage of your outdated defenses by capitalizing on the vulnerabilities of your systems.
So that's where you should start, since the implementation of these two measures will provide you with the greatest value for a minimal investment.
These two measures should be put in place immediately.
Once these two leaks are sealed, you will have time to establish a more expanded roadmap.