In the summer of 2021, a US Supreme Court ruling found that a police sergeant who accessed a law enforcement database via his patrol-car computer to obtain license plate information in exchange for money did not, in fact, violate the Computer Fraud and Abuse Act of 1986 (CFAA).
The Computer Fraud and Abuse Act (CFAA) was passed in 1986 to amend the original federal computer fraud legislation. The CFAA forbids accessing a computer without authorization or beyond what is permitted, but it does not explicitly define the term “without authorization.”
It does, however, specify that one may not access a computer with authorization and subsequently obtain information located in particular areas of the computer that are off-limits to them.
While the Supreme Court found that the sergeant in question did not exceed his authorized access, the decision should serve as a warning to agencies. It brings into focus the fact that the public sector must prioritize a Zero Trust Model to protect the sensitive data in its possession.
How to Implement a Zero-Trust Model
The results of this case underscore the importance of rethinking data access for employees. Controls such as “never trust, always verify” are critical.
Outlined below is a five-step process to implementing a Zero Trust model in your organization.
1. Assess Your Cyberinfrastructure
First and foremost, assess your cyber infrastructure inventory. This is, without a doubt, the first and most essential step toward transitioning to Zero Trust architecture. While it may sound a bit daunting, in order to truly safeguard your IT environment, you must first have a firm grasp of its scope.
To do this, you’ll need to take inventory of the systems, users, networks, and devices across your entire organization. Next, define the specific roles your users and devices will assume in your network. Using least privilege access principles to guide you, determine what data they need access to.
2. Remember that Change Does Not Happen Overnight
Because implementing a comprehensive Zero Trust architecture does not happen in a single deployment, it cannot be performed overnight unless you are starting from scratch. You’ll almost certainly need to integrate Zero Trust concepts with existing security practices before making the complete shift.
Scaling up incrementally can ease the transition. Throughout the process, ensure that you are first testing what works best in your organization. Then, assess how you may be able to complement your existing infrastructure with Zero Trust tools, making measured, sustainable changes along the way.
3. Heed the Advice of Organizations That Have Gone Before You
Organizations like Acronis SCS can serve as an invaluable resource as you begin the journey of transitioning to a Zero Trust architecture. There’s no reason to go it alone.
4. Develop a Clear Strategy
Remember that in many cases, IT policies will need to be developed from scratch or possibly rewritten to ensure that your Zero Trust goals are being properly prioritized. Fortunately, there is a growing public awareness and acceptance of Zero Trust security, which should aid the transition. This is especially true when it comes to gaining high-level stakeholder alignment. There’s no doubt that cybersecurity is a critical priority in today’s technological world. As such, a conversation with your organization’s leadership will likely be easier than you expect.
5. Prioritize Your People as a Human Firewall
A Zero Trust approach indeed requires your organization to adopt a ‘never trust, always verify’ mindset. While that might not appear to lend itself to a human-centric approach, those individuals who make up your organization have a crucial role to play. They are your human firewall and have as much of a stake in preventing and mitigating the damage of human-caused data breaches as any technology you may acquire.
In fact, spear-phishing tactics are to blame in nearly one-third of all data breaches, according to one study by Verizon. Ongoing training and info-sessions can help bolster your employee’s role and empower them to take proactive action in your organization’s cybersecurity posture. In addition, a cohesive team effort is vital to the success of your organization’s shift to a resilient #Cyberfit culture.
Lean on Acronis SCS in Your Zero Trust Journey
Leaning on a seasoned professional when undertaking the sometimes daunting process of adopting Zero Trust can help immensely. Acronis SCS has been there. We’ve taken the very steps outlined above to implement a Zero Trust architecture in our own organization. We can help you navigate the process with clarity and provide the tools you’ll need along the way.
No two organizations are alike, and your security needs will be different from the internal needs of other organizations. While your approach may differ from our own, our experience can help to illuminate the path along the way. We can help your organization assess your needs in light of your unique infrastructure and mission.
The process may not be as revolutionary as you might think, but adopting the right tools is essential for a smooth and successful transition. For example, recovery and backup solutions with included active anti-ransomware protection (such as that offered by Acronis SCS Cyber Backup 12.5 Hardened Edition) offer a means to avoid potentially disastrous compromises in your data. In addition, notarization and digital authentication provide an easy-to-use solution to prevent data tampering.
While Van Buren v. United States undoubtedly highlighted the critical importance of protecting sensitive data. It’s clear that now is the time to take the first step towards a Zero Trust Architecture.