“Trust no one, Jim. Especially not in the mainstream,” said Mr. ‘Control’ to Jim in an opening scene of John Le Carre’s ever-so-popular 1974 British spy novel, Tinker Tailor Soldier Spy.
Jim was a part of the British Intelligence Services, code-named ‘Circus’, and was sent by ‘Control’, head of the ‘Circus’, on a mission to erstwhile Czechoslovakia, but got killed in a botched operation thanks to a Soviet mole inside the ‘Circus’, who passed on all the information of the ‘Circus’ during the heyday of the Cold War.
Abusing Trust is the most deceptive weapon of the enemies within.
Oblivious to the fact that someone entrusted with an important task could actually work against their interests, organizations, governments and even intelligence agencies have fallen prey to compromised insiders over the years.
And oddly enough, the ‘trusted’ within the organizational realm still find it easy to manoeuvre. How else could one explain the rising incidents of cyber espionage, data breaches and credential abuse, among many other instances where the ‘trust’ is compromised?
Trust and Insider Threats
Insider threat is not a new phenomenon. Insiders, from time immemorial, have proved to be the nemesis, overthrowing kingdoms and empires. That potential to cause colossal damage, however, has only been magnified in the digital age. An insider can abuse ‘trusted entitlements’ to access confidential information.
Equally damaging is the fact that modern-day organizations have large IT environments. And that ‘trusted’ member with the potential to abuse the ‘trust’ can be anywhere: at home, on-premises, at the client’s site, on-cloud, inside a cafe… The list is big enough for the malefactors to exploit.
Trust, IT Loopholes and the Zero Trust Framework
‘Close all the gates to the IT kingdom so that the network traffic is inspected and threats kept at bay’ is no longer valid today. Most IT incidents emanate from loopholes that can be regarded as blind spots: unprotected and unmonitored digital identities.
The trusted insiders, privy to confidential information, abuse those ‘trusted digital identities’ to lay hands on that sensitive piece of information.
The Zero Trust framework is a foundational IT concept that advocates never assuming ‘trust’ but always verifying it. Before letting anyone inside the IT kingdom, the Zero Trust security framework ensures that the trust is substantiated and authenticated.
Essentially, the framework enables security and risk management teams to constantly assess the trust by means of multi-factor authentication (MFA) tools, application streaming technologies to restrict systems exposure, software-defined perimeter (SDP), network encryption and continuous risk-based assessment of digital identities using AI/ML.
This means that even if that ‘trusted identity’ is a privileged identity, it would be assessed, validated and audited continuously.
Please download one of our most popular whitepapers: “Zero Trust Privileged Access Security redefined with ARCON | PAM”. This whitepaper discusses in detail how ARCON Privileged Access Management solution helps to build the Zero Trust framework.
It is that unverified ‘trust’ that often leads to colossal IT damage. Implement the Zero Trust framework to avoid the misuse of ‘trust’.