Overview

Do you remember the infamous historical character from the battle of Plassey? The chief commander of the Nawab of an East Indian province became an embodiment of betrayal after the historic loss in the battle. The culprit misused the blind trust and faith that his nawab kept on him and eventually allowed the British troops to conquer the land. Who knows if the Nawab would have verified this trustworthiness, maybe the history would have been different? Trust, once lost, can never be retrieved – similarly, the loss which incurs from a mistrust is rarely recovered.

What is the moral of the story?… never assume the ‘trust’ but always reassess it.

A modern IT ecosystem is no different from a fallen empire where a major part of the infrastructure security relies on reassessing the trust. For any IT ecosystem, privileged identities hold the key to the ‘kingdom’ of confidential business data. If any of those identities breach the ‘trust’, it could result in a catastrophic IT incident.

The IT environment that is capable of defending both internal and external threats and can continuously re-assess the trustworthiness of privileged identities, is the strongest “commander” of the organization. Therefore building a Zero Trust architecture, wherein the ‘trust’ of every identity is continuously evaluated is of utmost importance.

As the global organizations are prioritizing health and safety due to the on-going pandemic, employees and employers are increasingly getting accustomed to remote work culture. It’s a huge security challenge especially when end users remotely access business-critical information. Traditional firewalls can no longer offer the same extent of IT security for employees who are logging remotely.

Further, distributed data centers, adoption of cloud environments and integration of IT operations with third-party service providers have expanded the threat surface. This is where the Zero Trust security framework becomes crucial.

Why does your enterprise need ARCON | Privileged Access Management?

The crux of ‘Zero Trust’ security model

Banking, Government, Insurance… Almost all industry verticals are adopting this new security architecture. So what exactly is it? How different is the Zero Trust framework from the others?

The Zero Trust security model is a conventional shift from a perimeter-centric security approach to the data-security centric model. This model challenges the conventional model, which is more inclined towards perimeter (network) security… focus is on firewalls and advanced tools like network intrusion detection systems.

More importantly, the conventional models assume that there is no threat inside the inner IT realm. That notion is wrong. If that’s the case then why are we witnessing the abuse of privileged identities so often?

On the other hand, the Zero Trust model never assumes ‘trust’ but it continuously assesses ‘trust’ using risk-based assessments available from information gathered. Secondly, the model rightly assesses a modern-day enterprise IT ecosystem, which is distributed. Users access to databases and applications is not only happening from on-premises data centers, but from remote and third-party environments as well.

Resultantly, the model says there is an urgent need to have a unified data security policy for all applications and databases, which can be done by constructing semi-perimeters and semi-segmentations, so that access to every database and application is secure, controlled, and documented. ‘Deny all access, until the identity’s trust is verified’… that’s the need of the hour.

ARCON | Privileged Access Management (PAM) solution helps organizations to build the foundation of Zero Trust architecture. The tool is built on the credo which is ‘Assessment of trust is not a one-time task, it is a continuous process’ and therefore, “we trust you, but we will continuously assess the trust’.