SENSEI ENTERPRISES, INC.

Call Us at 703.359.0700 or Toll Free 877.978.3440

Click Here For Live Support Make A Payment
Cyber Incident Hotline
Call Us at 703.359.0700 or Toll Free 877.978.3440
  • Home
  • About
    • Corporate Officers
    • Sensei Gives Back
    • Certifications
    • Partnerships
    • Current Job Openings
  • Services
    • Managed Information Technology Services
    • Managed Cybersecurity Services
    • Digital Forensics
    • Free Technology and Cybersecurity Assessments
    • Ask the Tech Experts
    • Cloud Solutions
    • Mobile Phone Deleted Text Message Recovery
    • Cybersecurity Awareness Training
    • Cybersecurity Maturity Model Certification (CMMC)
    • DIGITAL DETOX
    • Client Testimonials
    • Why Choose Sensei?
  • News & Publications
    • All News & Publications
    • Sensei News
    • Articles
    • Podcasts
    • Publications
    • YouTube Videos
    • Ride the Lightning Blog
    • Your IT Consultant Blog
    • Digital Forensics Dispatch Blog
  • VADER ONLINE
    • About VADER ONLINE
    • VADER ONLINE FAQS/HOW TO VIDEOS
    • VADER ONLINE Webinars
  • Seminars
    • Upcoming Seminars
    • Archived Seminars
    • Our Most Popular Seminars
    • Speaker Michael Maschke
    • On-Demand CLEs
    • Book Sensei Speakers
  • FAQ
    • FAQ: Digital Forensics
    • FAQ: Managed Cybersecurity
    • FAQ: Managed Information Technology Services
  • Contact Us

Zero Trust Architecture Made Simple for Lawyers

April 5, 2021

We are still unconvinced that we will ever know the full extent of the damage from what is perhaps classified as the worst data breach ever. The compromise of the SolarWinds Orion platform has impacted approximately 18,000 public and private sector customers according to Cyber Unified Coordination Group (UCG). The UCG also said that the Russian-backed Advanced Persistent Threat (APT) group is most likely responsible for the SolarWinds hack. As the investigation continues, we are learning more and more details about the attack and those impacted.

What we do know is that the attackers spent many, many patient months learning about the SolarWinds environment and determining the best and most effective way to insert backdoor access into the Orion product. The supply chain attack was extremely sophisticated and a real wake-up call for cybersecurity professionals.

It is now painfully obvious that the traditional castle and moat designs for security don’t work in these modern computing days. We can’t just create perimeter security by walling off our resources and controlling access through a firewall. We are very much a mobile workforce and many of the services we utilize in our law practices are cloud based. We need a new approach to secure access to the confidential data law firms possess.

The National Institute of Standards and Technology (NIST) released the final version of its Zero Trust Architecture (ZTA) publication (NIST Special Publication 800-207) in August 2020, which will help organizations deploy a security model for the future. The National Security Agency (NSA) and Microsoft are also advocating for Zero Trust Architecture to help combat sophisticated cyber-attacks such as SolarWinds.

The obvious question is…what is zero trust? The concept of zero trust networks has been around for at least a decade, but cybersecurity events such as SolarWinds and attacks on Microsoft on-premise Exchange servers has brought renewed focus to the Zero Trust discussion.

The NSA stated, “The Zero Trust security model assumes that a breach is inevitable or has likely already occurred, so it constantly limits access to only what is needed and looks for anomalous or malicious activity. Zero Trust embeds comprehensive security monitoring; granular risk-based access controls; and system security automation in a coordinated manner throughout all aspects of the infrastructure in order to focus on protecting critical assets (data) in real-time within a dynamic threat environment. This data-centric security model allows the concept of least-privileged access to be applied for every access decision, allowing or denying access to resources based on the combination of several contextual factors.”

In other words, trust nothing and constantly verify. It gives new meaning to Ronald Reagan’s words, “Trust, but verify.”

Read the entire article here. 

Filed Under: Articles

How May We Help You?

    Your Name (required)

    Email Address (required)

    Service of Interest (required)

    Message (required)



    Award Winning Cybersecurity and Electronic Evidence Blog by Sensei’s President



    Information Technology Blog by Sensei’s Vice President

     

    Digital Forensics Blog by Sensei’s Forensics Team


    Podcasts

    John+and+Sharon+Digital+Detectives   new+digital+edge+200
    Call us at 703.359.0700 or toll free 877.978.3440
    ccemsce mcitp ccnp cissp

    See all certifications »

    © 2021 SENSEI ENTERPRISES, INC. | 3975 UNIVERSITY DRIVE, SUITE 225, FAIRFAX, VA 22030 | LICENSED SECURITY SERVICES BUSINESS (DCJS# 11-6444)

    | Privacy Policy |