Zero Trust IT Service Model Keeps Your Network Safe

Trust No One: The Anatomy of a New Security Model

The world of information technology sometimes feels like an old seafarer’s map showing monsters lurking in deep waters and warning, “There be danger here.” The digital world doesn’t need to be so melodramatic, but no company should ignore the warning that danger is all around.

From ransomware to malware to hackers stealing private data, businesses need a strong IT infrastructure to protect against these threats. Zero Trust Architecture, or the Zero Trust model, is a highly secure method of protecting your data that has gained popularity in the last few years. It switches up the traditional idea of “trust but verify” to “never trust and always verify” and can be implemented over time with existing technology.

What Does Zero Trust Mean?

Zero Trust is exactly what its name implies. Trust no one entering your network no matter where they are located, whether from the security of your office or logged into the unsecured Wi-Fi of a hotel. John Kindervag, creator of the Zero Trust model, refers to the danger of the current system as “relying on a broken trust model” where there is a consistent failure to verify when a person accesses the system from a trusted source. Once the user, harmless or malicious, is past the perimeter security, they become a trusted user and have access to the network.

The Zero Trust model eliminates this danger by having no trusted source or trusted user that could be overlooked in the verification process. All traffic, anywhere in the network, is subject to segmentation, authentication, and verification. According to the Zero Trust model:

  • All resources should be accessed in a secure way regardless of location or user.
  • No user receives access to all information. Strictly enforce access to information on a need-to-know basis.
  • All traffic going into or out of the system is inspected and logged in order to catch malicious traffic.

What does this mean? Imagine your system is a battleship. Inside, there are hatches that can be sealed to cut off a breached part of the ship so the whole vessel doesn’t sink.

In the current popular method, all the hatches are open once you make it inside the ship. The only barrier is the outer hull, the perimeter security of your system, and you can move freely throughout the ship without reauthenticating.

In Zero Trust, every hatch on the ship is closed, and you must have the proper access codes to open each door. Once you’ve proven yourself, only the room you need information from is opened, all other hatches remain closed and protected. In order to get to information you’re not supposed to have, you’d have to break through each door one at a time, all while someone is monitoring your movement through the ship.

Via network segmentation and next-generation firewalls, Zero Trust uses existing security features such as multifactor authentication, analytics, encryption, security groups, and file system permissions to secure all information and allow in only those who have proven they should have access.

How Should I Start a Zero Trust Model?

Zero Trust is more than just the technology—it’s a way of thinking about who has access to your network. Trying to overhaul your entire system to a Zero Trust model in one go would be expensive and confusing and could lead to downtime that your business can’t afford. It also requires a great deal of technological know-how, IT security, and consistent management in order to give appropriate access to the correct people for the intended information.

For most businesses, when implementing a Zero Trust model, start small. While a complete overhaul would be costly, Zero Trust features can be easily adapted into current systems in pieces and, over the course of several years, be built into all areas of a business’s systems. Many new features of business technology, such as cloud services, already work well with the Zero Trust model and can be easily adapted.

Any business wanting to begin the move to a Zero Trust model should identify a small piece of their system, such as customer personal identifying information or credit card information, and institute segmentation and authentications around that information. You can then build your Zero Trust network from there over time.

Allow Managed Services to Bring Zero Trust to You

The Zero Trust model is a good way to secure your information, but if you don’t have your own IT department, it can be a challenge to implement. Zero Trust requires more than an IT company to set it up, walk away, and leave it to run. It will take time and constant adjustment to bring your current network into a complete Zero Trust model. A managed IT services company like Anderson Technologies is the best way to ensure your business is moving toward a Zero Trust model. Managed IT services can offer:

  • equipment set up
  • implementation
  • maintenance
  • employee training (most important)

For a small business, taking the time necessary to figure out IT improvements like this on your own can hinder the daily running of your business. Don’t let security get in the way of serving your customers. Zero Trust eliminates the threat of trusting too much but only if properly installed.

For more information about moving toward a Zero Trust model, contact Anderson Technologies by email at info@andersontech.com or by phone at 314.394.3001.

Outdated equipment are a cyber security vulnerability

Quotables: 32 Cybersecurity Experts Predict Threats and Trends for 2018 (phoenixNAP)

Check out Amy Anderson’s recent guest contribution on phoenixNAP providing readers with insights to help protect data and secure businesses long term!

Read the full article on the phoenixNAP website.  Amy’s quote is number 24.

https://phoenixnap.com/blog/cybersecurity-experts-threats-trends

Are you in need of expert IT consulting?  Anderson Technologies is a St. Louis IT consulting firm that specializes in system administration for small businesses.  Let us help you today!  Give us a call at 314.394.3001 or email us at info@andersontech.com.

What are Quotables?  This is a category in our posts to highlight any professional publications that benefit from our expert IT consulting advice and quote us in articles for their readers. 

User Frustrated by Critical IT Issues

How 5 Critical IT Issues Are Compromising YOUR Business

Are you sure your company’s IT technology is efficient and secure?

In a recent study of St. Louis small businesses, Anderson Technologies found common technology problems. While not all apply to every business, it’s important to be aware of IT issues that could one day strike your company. It’s also best practice to evaluate your business’s individual IT needs—you may have a weak spot you never noticed before!

Without your knowing, an issue may have been improperly addressed by professionals. During our initial infrastructure assessments, we found a disheartening number of instances when another IT support firm told a company it resolved a problem when it unfortunately hadn’t. Could this be happening to you?

In our recent study of businesses audited in 2017, Anderson Technologies found a pervasive set of problems that included firewall misconfiguration, missing Windows patches, lax password policies, unchecked backups, and failing workstation hardware. After receiving IT consulting from Anderson Technologies, these St. Louis businesses experienced vast improvements in security and performance.

In the event of a hacking breach or physical devastation, the following five components work together for security and prevention of lost data. An evaluation of these common problems, along with help from your managed IT services provider, can bring your business up to speed.

  1. Hardware Firewall: Your Fortress Barrier (Or Is It?)

The number one issue we discovered was problems with firewalls. One hundred percent of the small businesses we assessed operated with hardware firewalls that were either out of date or not performing to their utmost capability.

Envision your firewall as a fortress barrier. If the wall collapses, the entire city becomes vulnerable. A firewall protects your system from outside attackers and is your first line of defense. To be effective, firewalls must be updated regularly, and patches should be audited. If an update isn’t applied properly, it’s imperative that it be corrected quickly.

There are two types of firewalls. The first is a hardware firewall. This physical device stops a threat before it ever gets into your system. The second is a software firewall, a security application installed on your computer or server. Many small businesses believe a software firewall provides adequate protection, but it allows the threat onto the local area network before it can be stopped. In other words, a software firewall is not a wall fortifying your city of information. It’s the guard who raises the alarm that the enemy has already infiltrated.

To make matters worse, one-third of the companies we analyzed did not have anti-virus and anti-malware software on their servers! Make sure you’re not a sitting duck for a hacker to target.

At Anderson Technologies, we use a multi-layered approach to cyber security. If malware makes it through the first layer, there should be other defenses available to detect and stop it before it reaches your vital information.

  1. Keep Your PC Agile: Microsoft Windows Updates and Patches

The number one reason for keeping Windows updated is for security; the next is to make sure the operating system is running at maximum efficiency.

If your computer’s operating system isn’t updated with the latest patches reviewed by your security team, your computer is more easily compromised. Many times, if you’re not prompted for the update, you may think that your computer is automatically updating. It’s wise to seek out updates or patches that aren’t pushed through. Keep an eye on them, or have a managed IT services provider monitor these updates in case something doesn’t get installed properly or shouldn’t be installed due to a vulnerability.

Aside from security, Windows updates fix software problems and keep your operating system running smoothly with the latest technology. Using earlier versions of Windows, such as Windows XP, Vista, or early versions of Windows 7, compromises your security. Some of these operating systems are no longer supported by Microsoft, which means Microsoft is no longer making security updates and patches for those versions. For instance, Microsoft stopped releasing updates for updates for Vista in April 2017.

Every St. Louis business we audited last year had major problems with their Windows updates and patches. All companies were missing critical security updates and patches, and almost 70% of them had other general software problems. Don’t let your computers lose their agility or security.

  1. A Responsible Key Keeper: Password Policies

Do you use the same passwords for various sites or systems?

Are your passwords set to never expire because you or your employees have a difficult time keeping track of multiple credentials?

Forty percent of the companies we audited last year had their passwords set to never expire. This is a major liability. Never changing a password increases the likelihood it will be compromised and used to access secure information. Changing passwords routinely using a password protocol (and ensuring those updates are not predictable) will help your business stay ahead of the hacking game. Although your employees may feel that having secure passwords is difficult in a constantly changing environment, there are applications that can help. Using an application such as LastPass provides a secure repository for your access credentials and keeps your employees from having to remember complex passwords.

Stolen passwords are something Anderson Technologies hears about regularly. They’re going to continue to be a problem until businesses make it a priority to come up with a system for managing strong passwords.

In addition to periodically updating your passwords, outside IT support can help you put a company policy in place that ensures employees are creating complex passwords that truly protect your business.

  1. Fire Drill: Audit Your Backups for Integrity

Backing up servers is vitally important to any business. If something happened—a flood, fire, or malware attack—would you be able to recover?

Do you know how often your backups occur? Do you know how to make sure they’re working? Do you know how to recover your data? If not, check out our blog on why you need better backup solutions.

In a fire drill, each component of the evacuation is carefully tested. Could your backups withstand such a test? Even if you know you have a solid backup system, you should still regularly check it for issues and test it periodically, or have a managed IT services team do this for you. We often see flaws in backup systems due to IT companies who say they have addressed backup weaknesses but failed to catch a vital issue.

Backups can be performed in a variety of ways. Many businesses choose to back up to cloud services. If you choose this route, you could recover your data from anywhere and on any machine. Other businesses choose to back up to a local source, like an external hard drive that can be taken off premise. Either way, the goal of the backup is to have your system up and running again quickly after a disaster.

Depending on how often your data changes and the specific regulations within your industry, backups should happen regularly, whether it’s every hour, every day, or every week.

Half of the companies we audited had some, but not all, data backed up, and another seventeen percent of businesses had no backup system in place at all.

Do you need to rethink your system backups?

  1. The Aged Workhorse: Antiquated Workstation Hardware

Technology ages rapidly.

The capabilities of current computers versus even five years ago is astounding. Machines are much more efficient than they used to be in their processing and energy consumption.

If your hardware is seven years old, you’re working on an ancient workhorse needing to retire.

Over 80% of our audits last year had issues with workstation hardware. If you’re on an antiquated machine, you probably notice the slow speed or glitches. Many businesses operate on a limited budget and may feel they aren’t ready to prioritize hardware purchases because the existing machines still work. Time lost due to slower machines, data lost due to hardware malfunctions, and potential risks of unsupported software are much more expensive than purchasing new hardware.

Computer processor speed, solid state disks, memory capacity and screen quality have all made incredible progress in the last few years. Each of these enhances the user experience and makes your computers and employees vastly more efficient.

We found that workstations were less than half as likely as printers to be kept up to date and monitored. Computers should be replaced at least every five years to keep them up to speed and at their greatest security advantage. Your server’s functionality is no different. Just because you might not work on them every day doesn’t mean they aren’t working for you! It’s time to retire that old machine and employ a nimbler one to improve your day-to-day processes.

Do you think your company could be suffering with any of these issues?

Contact Anderson Technologies’ IT consulting team to help resolve any of these problems. Email us at info@andersontech.com or call 314.394.3001 to start addressing your business’s security issues today.