Embrace Zero Trust for Australia’s Essential Eight
Elevate maturity levels with a security model that protects your business and enables growth. Based on research from Forrester: Embrace Zero Trust for Australia’s Essential Eight
Every time Australia’s Essential Eight Maturity Model is updated, as it was in July, it’s important to refine your organisation’s approach and keep up with changes in cyberthreat intelligence.
Essential Eight: challenges elevating maturity
By implementing the Essential Eight baseline strategies, organisations make it much harder for adversaries to compromise their systems.
However, while the cybersecurity framework has been around and continuously evolving since 2017, many organisations still struggle to elevate their maturity level. This leaves them vulnerable to more complex, sophisticated attacks as they grow and become a bigger target.
According to Akamai security experts in Australia, some common challenges include:
The evolving tools used by adversaries make it harder for an organisation to pivot and respond; most adversaries are extremely agile and pivot constantly
The breadth of applications that require testing from multiple teams, including third-party vendors, can hamper patch process and extend time to patch for applications
Standardising and endorsing of client-side applications, such as a browser and its plug-in, proves to be challenging — especially for users with BYO devices, such as phones, tablets, and laptops.
Security measures such as multi-factor authentication (MFA) add friction to the user experience — because of this, organisations tend to make use of technology that has the lowest barrier of entry to the user so as not to impact productivity and add additional load to their help desk. While it is better than a simple username and password combination, many MFA solutions today are susceptible to phishing, a vector commonly used by adversaries
Why Zero Trust?
At its core, Zero Trust is a security model based on a strict identity verification process. The framework dictates that only authenticated and authorized users and devices can access applications and data. At the same time, it protects those applications and users from advanced threats on the internet.
Organisations that embrace Zero Trust can quickly elevate their security posture to a higher maturity level — without introducing complexity.
Based on Akamai’s experience working with clients, as well as internally on our own journey, the best approach to reaching a Zero Trust framework is to start with a single use case for validation of the model.
From Akamai’s perspective, some of the key advantages of a Zero Trust framework include:
A Zero Trust perimeter can be used as a virtual application firewall that defends against adversaries that exploit application vulnerabilities; this virtual firewall can be enabled easily across all applications and monitored from a single view
By narrowing the patch population, organisations can patch quickly, observe for errors, and if required, roll back quickly, which gives the organisation the ability to respond to critical patches with more agility
When accessing corporate websites, a Zero Trust architecture allows for organisations to reduce security risk by capturing device signals, sanction JavaScript and plug-ins that are enabled on the user’s browser, or block them, if necessary
FIDO2-based push MFA when used in conjunction with Zero Trust can help an organisation secure itself from adversaries that exploit attack vectors such as phishing, which not only provides security benefits, but lowers the friction for user authentication
Aligning Zero Trust to the Essential Eight
Organisations often fall into the trap of compliance-as-a-strategy in their security planning. It’s important to remember that guidelines like the Essential Eight should be checkpoints along the way to a truly holistic security strategy, rather than merely a box to tick.
Visit akamai.com/zerotrust for additional resources.
