Earlier this summer, a local Georgia police sergeant used his patrol-car computer to access a law enforcement database to retrieve information about a particular license plate number in exchange for money.
The decision of the U.S Supreme Court in relation to this event was that he did not exceed his authorized access when he utilized his computer to access the information, even though the information was obtained for an improper purpose. He would have exceeded authorized access only if he had obtained information located in particular areas of the computer, such as files, folders, or databases that are generally off-limits to him.
The perhaps surprising result of Van Buren v. United States makes many in the IT industry question whether the CFAA is a sufficient guideline for data security, especially in the public sector. If anything, it highlights the importance of establishing a Zero Trust Model for public sector entities to prevent improper access to susceptible data.
A Model for Zero Trust in Five Steps
The case described above emphasizes the great importance of establishing a Zero Trust Model when it comes to employee access to sensitive information. Below we’re breaking down five steps to take as you embark on your journey to implementing Zero Trust architecture in your organization.
- Take Stock of Your Cyber Infrastructure Inventory
Although it may seem obvious, maintaining a precise inventory of your cyber structure is essential to implementing our Zero Trust Model.
You must keep track of the precise role of each of your organization’s employees and devices, including their access to data within your network.
Understanding the breadth and depth of your infrastructure is truly the first and most critical step in the process of transitioning to Zero Trust. It may seem daunting, but it is simply a step that your organization cannot afford to skip.
- Make Incremental Changes
The Zero Trust Model is not implemented overnight. Before undertaking a complete renovation of your whole process, it may be wise to assess which Zero Trust practices and tools could successfully work alongside your legacy setup.
It is important that you identify the strengths and flaws in your existing structure and allow new processes and practices to complement what is already working. Test what works best for your organization and then improve upon it incrementally in order to build a scalable process.
- Zero Trust is Different for Everyone
Just as references are the best recommendation for a new job, experience is the best guide when transitioning to a Zero Trust Architecture. Organizations like Acronis SCS, which have been there before, can act as a guide and supply the necessary tools and solutions to pave the way to a smooth transition to Zero Trust.
- Let Tactics Inform Your Strategy
Reengineering your policies, developing and reinforcing your goals may go hand-in-hand with the process of adopting a Zero Trust architecture in your institution. Big shifts such as a new cyber security infrastructure will most certainly take a high-level buy-in from key stakeholders. Fortunately, the conversation doesn’t have to be a difficult one. With headlines popping up each day describing potentially disastrous ransomware and other cyber attacks, the need for Zero Trust is becoming more and more apparent each day.
- Invest in Your Human Firewall
Your “human firewall” has an important role to play in your organization’s adoption of Zero Trust. As such, it’s essential to invest in and empower your team to do their part.
The two most essential principles of the Zero Trust approach are never trust, always verify. If this modality is implemented correctly, your organization will experience a significantly lower risk of breach caused by human error.
However, that doesn’t mean you should ignore the critical function played by people in ensuring the security of your systems and information against cyberattack, data loss, and compromise. According to a Verizon study, Spear-phishing attacks were responsible for nearly one-third of data breaches, while human-based errors had a causal role in more than a fifth of breaches.
One of the most effective strategies is to empower each employee to be a human firewall. A team effort is essential to successfully implementing a Zero Trust framework, and promoting a culture of cybersecurity will go a long way towards its successful fulfillment.
Acronis SCS is Here to Help During the Zero Trust Journey and Beyond
Acronis SCS is here to walk with you on this journey, offering a guiding hand and a wealth of experience. We’ve been there, and we are here to help regardless of where you are in your implementation process.
Your path to Zero Trust will invariably be different from that of other organizations, including ours. Even so, our experience can help to shed light on your process. Coupled with tools that can ease the process for any organization — such as Acronis SCS Cyber Backup 12.5 Hardened Edition, a backup and recovery solutions with included active anti-ransomware protection — we can help safeguard your organization from expensive data breaches. In addition, our notarization and digital authentication solution is an easy-to-use way to prevent data tampering.
Recent history has shown us how critical it is to heed the findings of Van Buren v. United States. It’s never too soon to begin the process of adopting a Zero Trust Architecture and secure your company’s sensitive data.
