ARTIKEL — August 27, 2021

Maximize Data Protection With Zero Trust Security

Zero Trust Security

With the advancement of cloud data storing, companies are able to access data anywhere using any devices. This type of data storing relies heavily on third party data storing. Without proper security, companies are prone to data breach. A report suggested that over 59% of companies experienced a third party data breach. Additionally, companies will suffer greater financial loss when the incident involves a third party instead of a single party event.

Data breach from stolen credentials, excessive permission, insider threats, and malware can be burdensome to deal with. A more secure way to access corporate data is needed. That is why zero trust security is developed.

Zero trust security, is a corporate cybersecurity model that protects data breach through network by using verification. It is known for its motto, “never trust, always verify.” The conventional cybersecurity network assumes that everything behind the corporate firewall is safe. Zero trust security model assumes that every access to the corporate network is not safe, therefore it must be verified. Additionally, certain clearance is needed to access highly sensitive data.

Presently, zero trust security has become more dynamic in its approach in cybersecurity. Having zero trust does not always mean always asking for verification because it can be impractical. Instead, it gathers data using various sources to evaluate access requests and user behavior. It will track devices that were used to access the data or even indicate suspicious activities from any users.

Zero Trust Security Principles

Zero trust security works not just by authenticating, but also limiting access, and also continuous monitoring. Microsoft summarizes zero trust security principles into three points:

1. Verify Explicitly

As a first line of defensive action, verification seeks to find out the subject behind the request access. It has to meet certain data requirements to authenticate such as location, device vulnerability, workload, data classification, and anomalies. It applies to clients as well as internal staff.

2. Least Privilege Access Model

With the rampant application of remote working, it will be hard to limit data access if for people who are working with multiple devices. Traditionally, companies required organizational-owned devices to grant access to these data. Least privilege access creates limited actions that are specific to a curtain goal or task after validation which can be accessed from personal devices. This will give clearance for users to access necessary data while preventing attackers from gaining access to highly sensitive data.

3. Assume Breach

By assuming that data breach already happened or will happen, it will mitigate impact before turning into a data breach disaster. This is done by segmenting access, implementing continuous verification and utilizing analytics to detect suspicious activities and improve defenses.

Zero trust security is an ideal solution for companies who are implementing remote working. It creates visibility and puts suspicion on everyone inside or outside companies. This is a critical aspect of security. As an illustration- In 2009, Google implemented BeyondCorp, a security framework that uses a zero trust system as a response to a prevalent cyber attack. This implementation assesses individual devices and users that access corporate data. As a result employees can have secure access wherever and whenever, even without encrypting their connection using VPN. In banking where sensitive data are mostly shared in an on site meeting, zero trust security grants access to individuals who have clearance over this access.

In summary, zero trust security can help protect your data and client's data, acquire visibility of every traffic in your enterprise, creating a simpler security task, and better user experience. At the same time, you will be protecting your company’s reputation as well as financial losses. In the near future, Telkomsel will release a new security solution that can help you strengthen data security and protect your assets. Stay informed by visiting our website at www.tekomseliot.com.

Manufacturing Business
NEWS — Oct 25, 2021
The Unbeatable Business Benefits You’ll Gain Through Data Insight

Smart Manufacturing Solutions come with high ROI. With data Ins

READ MORE >>
Smart One
NEWS — Jun 15, 2020
Transforming Your Everyday Airport Into a Smart One

IoT has the ability to make businesses processes run much smoot

READ MORE >>
How IoT Can Help Decision-Making in The Public Sector
NEWS — Mar 16, 2020
How IoT Can Help Decision-Making in The Public Sector

Leaders in the public sector businesses have to manage big, lon

READ MORE >>
NEWS — May 29, 2019
FinTech Indonesia: Banking the Unbanked

FinTech, or financial technology, is currently rising in Indone

READ MORE >>
Implementing a DIY IoT
NEWS — Apr 13, 2020
Why You Should Think Twice Before Implementing a DIY Internet of Things

IoT implementation is becoming a table stakes change that’s n

READ MORE >>
AR and VR Increase Industrial Productivity
NEWS — Jan 26, 2022
How AR and VR Increase Industrial Productivity

Can we take the AR/VR to factory sites? The answer is yes and t

READ MORE >>
The Benefits of Securing IoT
NEWS — Feb 24, 2020
The Benefits of Securing IoT for Utility Companies During Unpredictable Weather

Bad weather has its own impact on utility providers in Indonesi

READ MORE >>
PMI’s Critical Pandemic Response
NEWS — May 14, 2020
Telkomsel IoT Solution for PMI’s Critical Pandemic Response

Collaborating with Palang Merah Indonesia, Telkomsel IoT provid

READ MORE >>