Securemation Zero Trust Framework
Securemation Zero Trust Framework is based on the explicit acknowledgement that trust is not an attribute of physical (geographic) or logical (network) location, basic credentials, or even known endpoints. We believe that Trust must be established dynamically – each time and every time – before requested access to a resource is permitted. Trust cannot be a static attribute. And even when resource access is permitted, it must be permitted at a granular level of detail to ensure that only the specific (granular) required access is given. The security controls we design and deploy have policies that explicitly do not trust any endpoints, devices, networks or users by default.
The Securemation Zero Trust Framework resulting from the above philosophy significantly reduces the risk of security breaches in your organisation. A very high portion of security breaches today are possible only due to inherent trust relationships that exist in your environment.
The Securemation Zero Trust Framework implementation is customised to suit the risk profile and budget of an organisation. It is not a “one size fits all”. The customisation of the Zero Trust framework implementation ensures that your investment is commensurate with the risks posed to your business by the identified cyber security risks. To uncover the risks, we perform a Threat and Risk Assessment (TRA) for your environment before we customise the Zero Trust framework for implementation in your organisation. The TRA is focused on identifying where existing (implied or explicit) trust exists in your organisation that maybe creating risk. We prioritise the risks based on potential impacts before finalising the key components of the Securemation Zero Trust Framework for your organisation. Securemation has a structured and proven methodology for identifying the presence of existing trust scenarios in your environment.
The process we follow for Zero Trust consists of two key activities:
A. Zero Trust Design
Our framework is customised to suit your environment based on a health check of your existing security controls and the configured policies. We determine where controls might be missing or not configured in an optimal manner to realise the value of having a Zero Trust environment. We will align and prioritise the required controls according to the budget available. The design will contain a Security Program with a roadmap to guide the implementation.
B. Zero Trust Implementation
Once the design is completed, and accepted by your organisation, we will embark on the journey of implementing the controls in the priority order determined via design. The controls with the most security risk reduction capabilities will be the initial focus. If you already have an existing service provider that you would prefer to use for the implementation – the design can be handed over to them for implementation. The implementation will be done with the required ongoing monitoring to ensure that the controls continue to function as designed. Many organisations do not monitor the deployed controls to ensure that the risk reduction capabilities of security controls do not deteriorate over time. Our design caters for this as an inherent characteristic.