Extending zero-trust principles to endpoints

By combining zero-trust principles with other security strategies and continuously monitoring and improving their security posture, organisations can effectively mitigate risks and protect their resources, says Gartner's Nikul Patel

In the modern workplace, the proliferation of endpoints has significantly expanded the attack surface, presenting new security challenges for organisations. Security and risk management (SRM) leaders must therefore extend zero-trust principles to endpoints to enhance workspace security effectively. This approach moves beyond traditional security measures, focusing on continuous verification and adaptive access control to mitigate risks associated with both managed and unmanaged devices.

Assessing and integrating security systems

Zero-trust is a transformative paradigm in cyber security that replaces implicit trust with explicit verification for every access request, emphasising continuous risk assessment based on identity and context. However, treating zero-trust as a single product or technology can lead to implementation failures and increased security risks. Instead, look to adopt a comprehensive strategy that integrates various security tools and practices.

The first step in extending zero-trust principles to endpoints involves a thorough assessment of existing security systems. This process includes creating an inventory of all devices accessing corporate resources, both managed and unmanaged, and auditing the applications installed on these devices. Enforcing built-in security features, such as firewalls, access controls and encryption, is crucial for managed devices. Additionally, removing persistent administrative rights and granting them only when necessary can further reduce risk. This assessment helps organisations understand their current security posture and identify areas for improvement, while also aligning with industry standards.

Integrating various endpoint security and management tools is essential for a robust zero-trust approach. Combining endpoint protection platform (EPP) with unified endpoint management (UEM) creates a unified endpoint security (UES) system, providing comprehensive visibility and control over managed endpoints. This integration enables continuous risk assessment and adaptive access control, enhancing the ability to mitigate potential threats. Integrating identity and access management (IAM) and secure service edge (SSE) tools offers granular visibility into user and device activities, facilitating more thorough risk assessments and adaptive access controls.

Securing unmanaged devices and continuous improvement

Addressing the security of unmanaged devices is equally critical in a zero-trust strategy. As employees and third-party contractors increasingly use personal devices to access corporate applications, it is important to ensure these devices are accounted for in the organisation's security policies. Implementing conditional access policies based on contextual factors such as user location, time of access and device type can restrict access to sensitive data from unfamiliar or untrusted devices. Secure access technologies like virtual desktop infrastructure (VDI), desktop as a service (DaaS) and clientless zero-trust network access (ZTNA) provide secure access to corporate resources, isolating corporate data and applications from unmanaged devices while maintaining visibility and control. Multi-factor authentication (MFA) further enhances security by ensuring that only authenticated users can access corporate resources.
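As an added illustration of the conditional-access logic described above (this code is not from the article or from Gartner), the following Python evaluator combines the contextual signals the article names, namely device management state, compliance, standing administrative rights, user location, time of access, resource sensitivity and MFA, into a single access decision with the reasons recorded alongside it. The decision tiers (direct access, access only through VDI/DaaS or clientless ZTNA, MFA step-up, deny), the allowed-country set, the working-hours window and every device and request record are constructed assumptions for the example.

```python
"""Added example, not from the article: a small conditional-access policy
evaluator for endpoint zero-trust decisions. All policy parameters and all
device/request records are constructed sample data."""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timezone
from enum import Enum
from typing import Optional


class Decision(Enum):
    ALLOW = "allow"                    # direct access from a trusted managed device
    ALLOW_ISOLATED = "allow_isolated"  # access only via VDI/DaaS or clientless ZTNA
    STEP_UP = "step_up"                # MFA required before access is granted
    DENY = "deny"


@dataclass
class Device:
    device_id: str
    managed: bool            # enrolled in UEM and visible to the EPP
    compliant: bool          # encryption, firewall and patch checks passed
    persistent_admin: bool   # standing local admin rights (policy wants this false)


@dataclass
class AccessRequest:
    user: str
    device: Optional[Device]   # None means an unregistered/unknown device
    country: str
    mfa_passed: bool
    when: datetime
    resource_sensitivity: str  # "low" or "high"


# Constructed policy parameters (assumptions for this example).
ALLOWED_COUNTRIES = {"GB", "IE"}
WORK_HOURS_UTC = range(6, 22)  # 06:00 to 21:59 UTC counts as normal hours


def at_utc(hour: int) -> datetime:
    """Helper for building sample timestamps on a fixed constructed date."""
    return datetime(2024, 9, 23, hour, 0, tzinfo=timezone.utc)


def evaluate(req: AccessRequest) -> tuple[Decision, list[str]]:
    """Return an access decision plus the reasons that drove it."""
    reasons: list[str] = []
    dev = req.device

    # Location is a hard gate: an unexpected country is denied before anything else.
    if req.country not in ALLOWED_COUNTRIES:
        reasons.append(f"location {req.country} not in allowed set")
        return Decision.DENY, reasons

    off_hours = req.when.astimezone(timezone.utc).hour not in WORK_HOURS_UTC
    if off_hours:
        reasons.append("access outside normal hours")

    # A device is only "trusted" if it is managed, compliant and has no standing admin rights.
    trusted = (dev is not None and dev.managed and dev.compliant
               and not dev.persistent_admin)
    if dev is None:
        reasons.append("unregistered device")
    elif not dev.managed:
        reasons.append("unmanaged device")
    elif not dev.compliant:
        reasons.append("managed device failed compliance checks")
    elif dev.persistent_admin:
        reasons.append("device has standing administrative rights")

    if not trusted:
        # Untrusted devices never touch high-sensitivity data directly or via isolation.
        if req.resource_sensitivity == "high":
            reasons.append("high-sensitivity resource restricted to trusted devices")
            return Decision.DENY, reasons
        if not req.mfa_passed:
            reasons.append("MFA required before isolated access")
            return Decision.STEP_UP, reasons
        reasons.append("routed via VDI/DaaS or clientless ZTNA")
        return Decision.ALLOW_ISOLATED, reasons

    # Trusted device: direct access, but off-hours or high sensitivity still needs MFA.
    if (off_hours or req.resource_sensitivity == "high") and not req.mfa_passed:
        reasons.append("MFA required for this context")
        return Decision.STEP_UP, reasons
    reasons.append("trusted managed device")
    return Decision.ALLOW, reasons


def sample_requests() -> dict[str, AccessRequest]:
    """Constructed sample requests covering each decision tier."""
    laptop = Device("LAP-001", managed=True, compliant=True, persistent_admin=False)
    admin_laptop = Device("LAP-002", managed=True, compliant=True, persistent_admin=True)
    byod = Device("BYOD-7", managed=False, compliant=False, persistent_admin=False)
    return {
        "managed_in_hours": AccessRequest("alice", laptop, "GB", False, at_utc(10), "low"),
        "byod_low_mfa": AccessRequest("bob", byod, "GB", True, at_utc(10), "low"),
        "byod_high": AccessRequest("bob", byod, "GB", True, at_utc(10), "high"),
        "managed_off_hours_high": AccessRequest("alice", laptop, "GB", False, at_utc(23), "high"),
        "unknown_location": AccessRequest("alice", laptop, "XX", True, at_utc(10), "low"),
        "unregistered_low": AccessRequest("carol", None, "IE", False, at_utc(10), "low"),
        "standing_admin_low": AccessRequest("dave", admin_laptop, "GB", True, at_utc(10), "low"),
    }


def run_samples() -> dict[str, str]:
    """Evaluate every sample request and return name -> decision value."""
    return {name: evaluate(r)[0].value for name, r in sample_requests().items()}


if __name__ == "__main__":
    for name, req in sample_requests().items():
        decision, why = evaluate(req)
        print(f"{name:24s} {decision.value:15s} {'; '.join(why)}")
```

Recording the reasons next to the decision is what makes the policy auditable: the same list that explains a denial to the user also feeds the continuous monitoring the article calls for, because a sudden rise in "unmanaged device" or "access outside normal hours" reasons is itself a signal worth investigating.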

While zero-trust significantly strengthens endpoint security, it is not a comprehensive solution. Look to combine zero-trust principles with other security strategies to address the full spectrum of threats. Vulnerability management, behavioural analytics, and threat intelligence are crucial for mitigating various risks associated with endpoints. For example, regular patch management addresses software vulnerabilities, while behavioural analytics identifies anomalous behaviours indicative of potential threats. Integrating these strategies with zero trust ensures a more holistic approach to security, enabling organisations to adapt to the rapidly evolving cyber threat landscape.

Continuous monitoring and improvement are also vital components of a zero-trust strategy. Leverage advanced analytics and machine learning to detect suspicious activities and trigger automated responses, such as blocking access or initiating remediation processes. Mapping controls to zero-trust principles and regularly assessing their effectiveness ensures that security measures remain robust and adaptable.

Extending zero-trust principles to endpoints is essential for enhancing workspace security in today’s complex threat landscape. SRM leaders must adopt a comprehensive strategy that integrates various security tools and practices, addressing both managed and unmanaged devices. By combining zero-trust principles with other security strategies and continuously monitoring and improving their security posture, organisations can effectively mitigate risks and protect their resources from sophisticated cyber threats.

Nikul Patel is a director analyst at Gartner on the Endpoint Security team covering Endpoint Protection Platforms (EPP), specifically Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR) technology. Gartner analysts will be exploring digital risk management and strategies for cyber security resilience at the Security & Risk Management Summit 2024 in London, from 23-25 September 2024.
