The Sensei article “Zero Trust Architecture Made Simple for Lawyers” by Sharon Nelson and John Simek was recently featured in Attorney At Work.
We expect Zero Trust architecture to be widely embraced by law firms in 2022.
We may never know the full extent of the damage from what is perhaps the worst data breach ever. The compromise of the SolarWinds Orion platform has impacted approximately 18,000 public and private sector customers, according to the Cyber Unified Coordination Group (UCG). The UCG also said the Russian-backed Advanced Persistent Threat (APT) group was most likely responsible for the SolarWinds hack. As the investigation continues, we are learning more details about the attack and those affected.
What we do know is that the attackers spent many, many patient months learning about the SolarWinds environment and determining the most effective way to insert backdoor access into the Orion product. The supply chain attack was extremely sophisticated and a real wake-up call for cybersecurity professionals.
It is now painfully obvious that the traditional castle-and-moat designs for security don’t work in these modern computing days. We can’t just create perimeter security by walling off our resources and controlling access through a firewall. We are very much a mobile workforce and many of the services used in our law practices are cloud-based. We need a new approach to secure access to the confidential data law firms possess.
The National Institute of Standards and Technology released the final version of its Zero Trust Architecture (ZTA) special publication in August 2020, which will help organizations deploy a security model for the future. The National Security Agency (NSA) and Microsoft are also advocating for Zero Trust Architecture to help combat sophisticated cyberattacks such as SolarWinds.