Linked – Why companies need to implement a ‘zero trust’ approach to their cybersecurity model

ByMike McBride February 12, 2018February 12, 2018 Reading Time: 2 minutes

This is not as easy as he makes it sound:

And then lastly is learning from all these three elements – the user, the device, the least privilege, and adapting your policies. So it’s a constant learning and adapting, changing the policies. For instance, if Jane never executes certain commands on a Unix machine, let’s dial down the policies so she can never run them. If Bill never accesses certain reports on Salesforce.com, let’s dial them down as well. So it’s really a concept of least privilege.

The concept of least privilege is the best security measure there is, I totally agree with that. Stolen credentials are the leading cause of breaches, and the less anyone has access to, the less damage can be done by having a single compromised account. But, it’s also a pain in the ass. Things change, and what people need access to changes, all the time. Users don’t see this as a proper security measure, they see it as not having access to things they might need at any given time, and then having to wait for a process to complete before they can do the thing that they’ve not had to do before.

In a law firm, for example, where you have a bunch of “owners” who are not exactly known for their patience, this becomes a source of great tension between those owners and the IT department. The security team becomes an obstacle to doing what the lawyers want to do, but that isn’t because the security team is being difficult, it’s because getting access to something new should be a bit of a chore. There should be a valid reason for a user to be granted access to something more than they normally have access to. If it isn’t so, than stealing a credential, logging in as that user, and escalating their rights via the process would be too easy.

That’s not very good security. Good security puts up roadblocks to that sort of thing, and users need to be educated about that reality, instead of angry they have to jump through hoops.

The hoops are there for a reason.

https://www.techrepublic.com/article/why-companies-need-to-implement-a-zero-trust-approach-to-their-cybersecurity-model/

Follow these topics: LawFirms, Links, Tech

LitigationSupport

More from ILTA11 Weds. Notes

ByMike McBride August 26, 2011August 26, 2011 Reading Time: 8 minutes

Didn’t get to post up my notes from Wednesday’s sessions, spending the night being treated to dinner and a show at the Bluebird Cafe instead by the fine folks at Tru Staffing. (The folks who recruited me to come to work down in South Carolina, thanks Jared and Erin!)) As the evening’s entertainment stretched into…

Links

Links (weekly)

ByMike McBride April 1, 2012October 13, 2015 Reading Time: 1 minute

When Good Enough – Isn’t | Jeffrey Brandt tags: LitSupport MM Google “Vaults” Into eDiscovery Preservation tags: LitSupport MM Traveling Thursday – State Department Resources tags: Travel MM A Generation in Transition tags: LitSupport MM Never Skip the Pristine Version tags: LitSupport MM A Non-Attendee’s Guide to “Attending” ABA TECHSHOW 2012 tags: LitSupport MM Don’t…

Blogging | Personal

Writing at Work

ByMike McBride February 17, 2009July 22, 2015 Reading Time: 1 minute

Well, I know it won’t be something I do a lot of, but in the last week or so I’ve had to do some researching and writing at work, starting with that blog post last week, and it’s just killing my motivation to write anything here in the evenings. Heck, I’ve been struggling just to…

Training

Is The Trainer Responsible for a Student Learning?

ByMike McBride April 1, 2014 Reading Time: 2 minutes

Ant Pugh asks an interesting question: Do you feel responsible for your learners and their development? He spends the better part of that post making the case that yes, teachers, trainers and other educators are, in fact, responsible for whether the students learn or not. I tend to agree with him, to a point. Yes,…

Links | LitigationSupport

Linked – kCura: UK War with Hosting Partners?

ByMike McBride May 26, 2017 Reading Time: 2 minutes

To date partners that provide data hosting have had to buy, install and maintain their own infrastructure – charging a premium to companies that need eDiscovery services as a result. Going forward the hardware and software are all available within RelativityOne, prompting one adviser to say shortly after Relativity Fest: “kCura doesn’t see this as…

Links | Tech

Linked – FCC: Your cybersecurity isn’t our problem

ByMike McBride March 25, 2017March 22, 2017 Reading Time: 1 minute

The new FCC chair has suspended some new rules scheduled to go into effect regarding ISPs, this is not good. The rules would’ve required internet service providers to notify consumers about the collection and use of their data and required opt-in consent before using or sharing what the FCC considers sensitive information. That’s stuff like…

Linked – Why companies need to implement a ‘zero trust’ approach to their cybersecurity model

Like this:

More from ILTA11 Weds. Notes

Like this:

Links (weekly)

Like this:

Writing at Work

Like this:

Is The Trainer Responsible for a Student Learning?

Like this:

Linked – kCura: UK War with Hosting Partners?

Like this:

Linked – FCC: Your cybersecurity isn’t our problem

Like this:

Leave a Reply Cancel reply

Top Posts

Like this:

Similar Posts

Like this:

Like this:

Like this:

Like this:

Like this:

Like this:

Leave a Reply Cancel reply

Follow Me

Top Posts