Sensei Article Featured In San Bernardino Bulletin
June 24, 2021
“Zero Trust Architecture Made Simple for Lawyers” by Sharon D. Nelson, Esq. and John W. Simek was featured in the June 2021 San Bernardino Bulletin.
We are still unconvinced that we will ever know the full extent of the damage from what is perhaps classified as the worst data breach ever. The compromise of the SolarWinds Orion platform has impacted approximately 18,000 public and private sector customers according to Cyber Unified Coordination Group (UCG). The UCG also said that the Russian-backed Advanced Persistent Threat (APT) group is most likely responsible for the SolarWinds hack. As the investigation continues, we are learning more and more details about the attack and those impacted.
What we do know is that the attackers spent many, many patient months learning about the SolarWinds environment and determining the best and most effective way to insert backdoor access into the Orion product. The supply chain attack was extremely sophisticated and a real wake-up call for cybersecurity professionals.
It is now painfully obvious that the traditional castle and moat designs for security don’t work in these modern computing days. We can’t just create perimeter security by walling off our resources and controlling access through a firewall. We are very much a mobile workforce and many of the services we utilize in our law practices are cloud based. We need a new approach to secure access to the confidential data law firms possess.
The National Institute of Standards and Technology (NIST) released the final version of its Zero Trust Architecture (ZTA) publication (NIST Special Publication 800-207) in August 2020, which will help organizations deploy a security model for the future. The National Security Agency (NSA) and Microsoft are also advocating for Zero Trust Architecture to help combat sophisticated cyber-attacks such as SolarWinds.
The obvious question is…what is zero trust? The concept of zero trust networks has been around for at least a decade, but cybersecurity events such as SolarWinds and attacks on Microsoft on-premise Exchange servers has brought renewed focus to the Zero Trust discussion.
Read the entire article here. (page 14)