What to Know About the Zero-Trust Security Model in 2021

Jan 21, 2021 by

Zero Trust strategy—what good looks like

For cybersecurity in higher ed, 2020 was a challenging year, to say the least. The COVID-19 pandemic left universities reeling in many ways. They had to shift suddenly to online learning models, which left their cybersecurity vulnerabilities more exposed than ever before and paired them with new, unprecedented threats.

This wasn’t something exclusive to higher education. It was felt by companies and government organizations throughout the world.

Priorities shifted as a result, and more resources are being dedicated to cybersecurity.

One part of that trend is a rapid transformation to the zero-trust security model. For universities and institutions of higher education, as well as any organization, the following are things to know for 2021.

Moving Away From a Model of “Trust But Verify”

In some ways, universities and organizations of higher education face even more challenging cybersecurity situations than other types of businesses. This is because the core of what they do is based around the idea of open collaboration and information.

However, 2020 showed us that it’s time to move away from the model of “trust but verify” as far as cybersecurity is concerned.

The zero-trust model is proactive and can keep universities and higher education organizations protected.

The Premise of the Zero-Trust Approach

The zero-trust approach to cybersecurity and infrastructure security means that no one is automatically granted access based on their role or any particular characteristic. This applies to students, staff, and administrators.

Rather than users being admitted on the basis of a characteristic, validation and authentication must always occur.

The premise of zero-trust is much more cautious than that of perimeter-based security.

In a zero-trust security approach, no one network is trusted. Credentials and access are individual.

This contrasts with the previous best practices for security, where the goal was keeping the internet separated from an internal network. Internal users would then be placed into segmented network groups. In the university setting, this might have meant, for example, that students would be on one segment of the network and faculty and staff on another.

Gain Visibility

The first step to a zero-trust security model relies on complete visibility.

Students and staff bring a great many devices onto a university network.

The majority of devices aren’t managed by a university’s IT team, and the devices aren’t going to be able to operate with just traditional means of security.

University IT professionals are going to have to find a way to get complete visibility into all the devices connected to the network, including both wireless and wired.

It’s only once that central visibility is present that a zero-trust architecture can be used.

Building a Zero-Trust Environment

Along with visibility, for a zero-trust environment to be implemented, there needs to be a strong foundation of security-related technology.

Some universities and institutions of higher learning may need to completely revamp their security, while others might just need to make changes in their configurations.

Access management and identification are critical to zero-trust.

There’s no longer a reliance on network location, so the authentication controls are the primary way security is ensured.
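The difference between the two models can be shown as two access checks run over the same requests. This is an added example, not part of the original article; the campus address range, session tokens, user names, and resource names are all constructed for illustration.

```python
import hmac
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed sample data (assumptions, not from the article).
CAMPUS_NET = ipaddress.ip_network("10.20.0.0/16")
SESSIONS = {"tok-alice": "alice", "tok-bob": "bob"}    # authenticated session -> user
GRANTS = {"alice": {"gradebook"}, "bob": {"library"}}  # access is individual, per resource


@dataclass
class Request:
    source_ip: str
    token: Optional[str]
    resource: str


def lookup_session(token: Optional[str]) -> Optional[str]:
    """Return the user behind a session token, or None if it does not validate."""
    if token is None:
        return None
    for known, user in SESSIONS.items():
        if hmac.compare_digest(known, token):  # constant-time comparison
            return user
    return None


def perimeter_allows(req: Request) -> bool:
    """Perimeter model: being on the internal network is sufficient."""
    return ipaddress.ip_address(req.source_ip) in CAMPUS_NET


def zero_trust_allows(req: Request) -> bool:
    """Zero-trust model: authenticate and authorize every request.
    The source network is never consulted."""
    user = lookup_session(req.token)
    if user is None:
        return False
    return req.resource in GRANTS.get(user, set())


# Constructed requests covering the cases where the two models disagree.
SAMPLES = [
    Request("10.20.5.9", None, "gradebook"),            # on campus, unauthenticated
    Request("203.0.113.7", "tok-alice", "gradebook"),   # off campus, authenticated, granted
    Request("10.20.8.1", "tok-bob", "gradebook"),       # on campus, authenticated, not granted
]

if __name__ == "__main__":
    for r in SAMPLES:
        print(r.source_ip, r.resource, perimeter_allows(r), zero_trust_allows(r))
```

The perimeter check admits both on-campus requests and rejects the legitimate off-campus one; the zero-trust check does the opposite in all three cases.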

Beyond that, the university or school needs to have monitoring that is constantly tracking activity at both the user and network level.

The collection of log entries and other data is important. Along with collecting the data, it needs to be put to use.

Automation should be part of zero-trust, working through all activities and potential threats. Then, there needs to be a human element to discern which threats require more attention.

In a zero-trust architecture, if an attacker does gain access to an endpoint, the idea is that the damage they can cause is mitigated.

A few other key points apply to zero-trust architecture and cybersecurity. First, there need to be well-documented and centralized policies regarding network access. The experience, along with providing security, needs to be positive for students, staff, visitors, and administrators.

Something else to reiterate is the role that AI and automation play in a zero-trust environment. There are so many alerts that come through to security teams every minute of the day. Automation can alleviate some of the burden, so security teams who are already stretched thin can focus on the most important security operations.

Machine learning and analytics can not only provide continuous surveillance but also detect attacks that might otherwise go under the radar or remain hidden, so they can be dealt with faster.
