US Supreme Court Ruling Highlights the Need for a Zero Trust Model
The Computer Fraud and Abuse Act of 1986 (CFAA) provides serious recourse and “criminalizes” the intentional access of a computer without authorization. At the inception of the act, the consensus was to address “hacking or tampering with unauthorized computer systems or data.” However, the significance of this legislation has escalated as the problem it addresses has grown from a multi-billion-dollar problem to over a trillion-dollar problem within the past few years.
In the summer of 2021, a SCOTUS ruling, Van Buren v. United States, highlighted the urgency for the public sector to embrace a Zero Trust Model.
The lawsuit involved a sergeant who was paid for accessing information about a particular license plate using his in-car computer. The sergeant, Van Buren, accessed this information in a technically legal fashion as defined by the CFAA. Therefore, the Supreme Court of the United States stated that he did not exceed his authorized access even though his intended purpose was undoubtedly improper.
This perhaps surprising ruling highlights the importance of agencies in the public sector adopting a Zero Trust architecture in their organizations.
Implementing a Zero Trust Model – A Process
The litigation described above emphasized the critical nature of the public sector and how important it is for agencies to re-evaluate the control employees have over data access. Taking a “never trust, always verify” approach is essential.
The process of embarking on a journey towards Zero Trust can be summed up in the five steps below:
Assess Your Inventory
Implementing a Zero Trust Model involves several basic steps, with the first and most critical step being the assessment of your cyber infrastructure.
Organizations will need to quantify and document their unique systems, networks, and device profiles across the entire enterprise.
Employees and devices alike must operate in a mode that clearly defines their individual roles as they relate to data access, using the principle of least privilege access as a guideline.
Take it One Step at a Time
Remember, your organization’s transition to Zero Trust will not be an overnight endeavor. This is especially true if you are working with legacy systems and principles which will need to be replaced incrementally.
To ease the transition, you may want to consider first testing what will work best for your organization’s unique needs and then determining which Zero Trust tools and principles will work well alongside the setup you already have.
Making smaller, incremental changes and testing along the way is a much more scalable approach when working alongside legacy systems.
Seek Advice from Those Who Have Been There
Regardless of the stage of Zero Trust implementation you find your organization in, much can be learned from an organization that has already succeeded in the journey!
Many tools have been developed to help with the implementation of notarization and digital authentication solutions. Acronis SCS Cyber Backup 12.5 Hardened Edition, for example, can provide a solid foundation.
Create a Culture of Cybersecurity
Successful implementation of a secure Zero Trust infrastructure requires assurance that the outcome will actually work for your company. The process of becoming #Cyberfit will also necessitate significant rewrites of, and additions to, IT policies that will enforce the concept of never trust, always verify. These are, after all, the two most important philosophies behind Zero Trust.
Don’t Forget Your Human Assets
While a Zero Trust infrastructure is designed to minimize the impacts of breaches caused by humans, you should not disregard your organization’s people and their role in protecting your institution.
If adequately implemented over time by management and, of course, by your employees, your primary “human firewall,” a Zero Trust architecture will insulate your organization from expensive data breaches and result in a culture that elevates security to the number one priority.
Acronis SCS Can Help You Adopt Zero Trust in Your Organization
Every business has its own set of internal security requirements. As a result, the way you go about adopting Zero Trust may be different from ours. However, our experience can help you navigate your organization’s unique cybersecurity requirements based on your users, infrastructure, and objectives.
Some solutions make this process easier for any business. Using backup and recovery technologies with active anti-ransomware protection, such as Acronis SCS Cyber Backup 12.5 Hardened Edition, can help protect your organization from unwanted data breaches. Furthermore, an easy-to-use digital authentication and notarization service can prevent unwanted changes or the removal of your critical data.
The result of Van Buren v. United States has made it painfully clear to the public sector that adopting a Zero Trust architecture is more essential than ever, and it’s crucial to begin the journey as soon as possible. Acronis SCS is here to help.