This summer marked a turning point in data security, especially for the public sector. The Supreme Court case of Van Buren v. United States set a precedent that showed us just how important it is for agencies to adopt a Zero Trust Model to prevent improper access to and misuse of sensitive data.
If you aren’t familiar with the referenced lawsuit, we’ve got you covered. A former Georgia police sergeant sold private information that he retrieved by using his in-car computer to access a government database. You would think that was clearly a crime, and perhaps it should have been ruled as one, but the Supreme Court found that Van Buren did not, in fact, exceed his authorized access as the Computer Fraud and Abuse Act of 1986 (CFAA) defines it.
The Computer Fraud and Abuse Act of 1986 (CFAA) was introduced to provide recourse and “criminalize” the intentional access of a computer without authorization. In addition, the intention of the law was to address “hacking or tampering with unauthorized computer systems or data.”
With the broadening of digitized information, the significance of this legislation has gone from a multi-billion dollar issue to over a trillion-dollar issue within the past few years.
The deficiencies in the act made it possible for the Supreme Court to find Sergeant Van Buren’s actions technically legal, since the way he retrieved the information was within his authorized access, even though his intended purpose was improper.
5 Steps to Implement a Zero Trust Model
The outcome of this case makes it paramount for organizations to reconsider how they establish access to their sensitive data. The never trust, always verify approach has never been so critical to achieving a secured data infrastructure.
The following five steps will steer you in the Zero-Trust direction:
1. Get Your Inventory in Order
Before we get into deep waters, you need to assess your cyber infrastructure inventory. Doing this right, even when daunting, is the most critical step for implementing Zero Trust architecture in your organization.
This inventory should cover the networks, systems, devices, and users across your enterprise-wide environment. Every device and every employee should have a distinctly defined role as it relates to data access, with the principle of least privilege as the guide.
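As an added illustration (not part of the original article), the sketch below shows how such an inventory can drive a default-deny decision on every request and an audit for grants that exceed a role’s baseline. All users, devices, roles and resources are constructed, hypothetical sample data.

```python
# Constructed sample inventory; every name here is hypothetical.
ROLE_PERMISSIONS = {
    "patrol_officer": {("plate_db", "read")},
    "records_clerk": {("plate_db", "read"), ("case_files", "read"),
                      ("case_files", "write")},
}
USERS = {"alice": "records_clerk", "bob": "patrol_officer"}
DEVICES = {
    "car-017": {"owner": "bob", "managed": True},
    "desk-102": {"owner": "alice", "managed": True},
    "laptop-x": {"owner": "bob", "managed": False},
}


def evaluate_request(user, device, resource, action):
    """Default-deny decision: every check must pass on every request."""
    role = USERS.get(user)
    if role is None:
        return False, "user not in inventory"
    dev = DEVICES.get(device)
    if dev is None:
        return False, "device not in inventory"
    if not dev["managed"]:
        return False, "device not managed"
    if dev["owner"] != user:
        return False, "device not assigned to user"
    # Least privilege: the role must explicitly list this resource/action pair.
    if (resource, action) not in ROLE_PERMISSIONS.get(role, set()):
        return False, "role lacks permission"
    return True, "allowed"


def excess_grants(granted):
    """Return, per user, the grants that exceed that user's role baseline."""
    findings = {}
    for user, perms in granted.items():
        baseline = ROLE_PERMISSIONS.get(USERS.get(user), set())
        extra = set(perms) - baseline
        if extra:
            findings[user] = sorted(extra)
    return findings


if __name__ == "__main__":
    print(evaluate_request("bob", "car-017", "plate_db", "read"))
    print(evaluate_request("bob", "laptop-x", "plate_db", "read"))
    print(excess_grants({"bob": {("plate_db", "read"), ("case_files", "read")}}))
```

A request that passes these checks is still only authorized, not necessarily proper in purpose, so the decisions should also be logged for later review.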
2. Think Incremental Changes
As you can imagine, the transition to a Zero Trust architecture won’t happen overnight. This is particularly true if you are working with legacy systems and principles, which will need to be replaced little by little.
For a smoother transition, first, establish how Zero Trust tools can coexist with your current setup. Making smaller, incremental changes and testing along the way will make for a simpler process when working alongside existing systems.
3. You’re Not Alone
There’s no shame in following the lead of others when implementing the Zero Trust framework. There’s a lot to be learned from other companies that have gone through the transition successfully. So, no matter your organization’s stage, you can use their experience as a blueprint for your process, adapting it to your specific requirements when needed.
There’s a slew of tools to help with the implementation of notarization and digital authentication solutions. For instance, you can find a sound base in Acronis SCS Cyber Backup 12.5 Hardened Edition to kickstart your transformation process.
4. It’s a Matter of Organizational Culture
The most critical step in implementing the Zero Trust architecture is ensuring the adoption of the new policies across the organization, so you need to create a culture of cybersecurity ASAP.
The never trust, always verify concept needs reinforcements, and, as in any cultural process, it starts with the leadership. Thanks in part to the aforementioned Supreme Court case along with the prevalence of veritable cybersecurity disasters making headlines every week, the conversation may not be as hard as you might imagine.
5. The Importance of the Human Firewall
One study found that close to a third of data breaches involved spear-phishing tactics, and human-based errors play a causal part in over a fifth of breaches.
So, never underestimate the critical role humans have in keeping cyberattacks, data loss, or compromise at bay.
As we said before, if management can grasp and adequately implement the Zero Trust architecture over time and, of course, your primary “human firewall,” your employees, is aligned, your organization will become insulated from expensive data breaches, and the result will be a culture that understands cybersecurity as a priority. But, like most things in an organization, this is a team effort. So, never take your people for granted.
Acronis SCS is the Partner You Need in This Journey
No matter your organization’s starting point and unique requirements, Acronis SCS can help you navigate the transition to a Zero Trust architecture. For example, Acronis SCS Cyber Backup 12.5 Hardened Edition can help protect your organization from unnecessary and costly data breaches by using its backup and recovery technologies with active anti-ransomware protection.
Furthermore, an easy-to-use digital authentication and notarization service can hamper unwanted changes or critical data loss.
The Van Buren v. United States case is a wake-up call to take action toward creating cybersecurity heaven for all of your organization’s sensitive data, kind of now.