Never trust. Always verify. Implementing Zero Trust principles like least privilege access and assumed breach can help strengthen your business’s security.
Businesses today face constant cyberthreats and unrelenting pressure to prevent compliance violations. As such, most organizations are constantly on the lookout for any insecure business processes that might require updating.
One of the more commonly overlooked business processes is enterprise file transfer, which can lead to risk if left unchecked. Fortunately, organizations can tackle this problem head-on by applying the same Zero Trust principles that an organization already uses to protect other key business processes.
The entire Zero Trust philosophy can be summed up as never trust, always verify. In practice, this means that no human or machine, inside or outside of the organization, should be above suspicion. Rather than relying on static access controls as has been done in the past, every resource request must be authenticated and authorized before access to the resource is granted. Applying this basic principle to enterprise file transfer supports efforts to reduce data breach risks and align with regulatory requirements.
Strong Authentication
The first step in any Zero Trust initiative is to implement strong authentication controls. After all, Zero Trust requires users and machines to prove their identities, and Zero Trust cannot work in an environment in which identity cannot be proven. IP addresses are usually established using certificates, while user identities tend to be established through multifactor authentication and often leverage SSO.
Enterprise file transfer platforms should integrate with the authentication mechanisms that an organization is already using, rather than relying on a proprietary authentication engine of their own. By doing so, it becomes possible to positively identify both the user and the IP address that initiated a file transfer, and to correlate file transfers with any other actions that the user might be performing.
Least Privilege Access
Another key element of the Zero Trust philosophy is least privilege access. At a high level, least privilege access means giving users access to all the resources that they need to do their jobs, but without granting them access to anything else. In other words, users receive the bare minimum privileges required to complete their assigned tasks.
The concept of least privilege access comes into play in a few different ways in enterprise file transfer. For starters, if a user is sending a file to another user within the organization, any established access control boundaries should remain in effect. A user should not be able to use an enterprise file transfer solution as a tool for circumventing existing access controls. As an example, a user who works in an organization’s marketing department probably doesn’t have access to the HR department’s spreadsheets. As such, a rogue HR employee shouldn’t be able to send one of these spreadsheets to a friend who works in marketing and would not ordinarily have access to such information.
Another way that least privilege access can come into play in the scope of enterprise file transfer is that users should be able to use role-based access control or attribute-based access control to limit the recipient’s permissions.
Suppose, for example, that a particular employee needs to upload some report research to a shared folder. Although they need to be able to add files, they likely don’t need the ability to delete or remove files. As such, role-based access controls could be used so that the recipient is given the proper access to the document location without conferring any unnecessary permissions in the process.
Another way that the principles of least privilege access can come into play is with the file transfer process itself. Yes, only users who actually need to be able to transfer files to do their jobs should have access to the enterprise file transfer platform—but there is more to it than that. Administrators should be able to set limits on what the users can do with the platform.
As an example, an administrator might create a policy that limits the amount of data a user can store on the server. This can help to prevent undue capacity issues for the file transfer platform. Likewise, a standard user should not have permission to disable security features such as encryption or auditing.
Assumed Breach
A third philosophy that is commonly incorporated into Zero Trust initiatives is that of assumed breach. The idea behind this philosophy is that a security breach will probably occur at some point in the future, despite an organization’s best efforts. As a result, the organization naturally pivots away from focusing primarily on perimeter-level defenses, such as VPNs or firewalls, because these defenses do little to stop an intruder who has already gained access to internal systems. Instead, the organization prioritizes detection, containment and response.
In the past, file transfers between two employees within an organization were considered safe because both people involved were trusted employees and the transfer was being sent across a trusted network. When the assumed breach model is applied, however, it becomes necessary to treat an internal file transfer with the same level of scrutiny as a file transfer that is coming from the outside world. In other words, every file transfer request needs to be authenticated, authorized and logged.
Additionally, if the organization is assuming that their internal network has been compromised (regardless of whether a breach has actually occurred), then it would not be in the organization’s best interest to allow file transfers to be unencrypted, because an attacker who has infiltrated the network could conceivably read or even modify the file in transit. Encryption in transit and at rest should be enforced through policy to support data protection.
One of the main reasons organizations adopt the assumed breach philosophy is that implementing security based on an assumed breach helps to limit the blast radius. Just because an attacker gains a foothold within the network should not mean that they can access the entire network. This same principle can be applied to enterprise file transfer in a way that limits what an attacker can gain access to, even if the file transfer platform itself were to become compromised. For example, an organization might implement time-limited permissions and set an automatic expiration period for things like shared files or access tokens.
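The least privilege rules above (a transfer must not bypass the HR department's existing access controls, a recipient may upload but not delete, administrators cap storage) and the assumed breach rules (mandatory encryption, expiring grants, every request authenticated, authorized and logged) can be combined into a single policy check. The following is an added illustration, not code from the article or from any file transfer product; the request fields, the quota, the TTL cap and the sample users are constructed assumptions.

```python
# Added example (not from the article or any product): a toy Zero Trust policy
# check for one file transfer request. All names and values are constructed.
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

@dataclass
class User:
    name: str
    department: str
    mfa_verified: bool
    roles: set = field(default_factory=set)  # e.g. {"admin"}

@dataclass
class TransferRequest:
    sender: User
    recipient: User
    file_department: str  # department whose ACL protects the file
    file_size: int        # bytes
    action: str           # "upload" or "delete"
    encrypted: bool       # encryption in transit
    ttl_hours: int        # requested share lifetime

STORAGE_QUOTA = 1_000_000  # constructed per-user cap in bytes
MAX_TTL_HOURS = 72         # every grant expires, whatever was requested
AUDIT_LOG = []             # every decision is recorded, allow or deny

def evaluate_transfer(req, used_storage, now=None):
    now = now or datetime.now(timezone.utc)
    reasons = []
    # Strong authentication: both parties must have proven identity via MFA.
    if not (req.sender.mfa_verified and req.recipient.mfa_verified):
        reasons.append("mfa_required")
    # Least privilege: the recipient must already hold ACL access (HR-to-marketing case).
    for who in (req.sender, req.recipient):
        if who.department != req.file_department and "admin" not in who.roles:
            reasons.append(f"{who.name}_lacks_access_to_{req.file_department}")
    # Role-based limit: a plain user may add files but not delete them.
    if req.action == "delete" and "admin" not in req.sender.roles:
        reasons.append("delete_requires_admin")
    # Administrative policy: per-user storage cap.
    if used_storage + req.file_size > STORAGE_QUOTA:
        reasons.append("quota_exceeded")
    # Assumed breach: no plaintext on the internal network; grants always expire.
    if not req.encrypted:
        reasons.append("encryption_required")
    expires = now + timedelta(hours=min(req.ttl_hours, MAX_TTL_HOURS))
    decision = {"allowed": not reasons, "reasons": reasons, "expires_at": expires.isoformat()}
    AUDIT_LOG.append({"sender": req.sender.name, "recipient": req.recipient.name,
                      "file_department": req.file_department, **decision})
    return decision
```

Note that a denial is logged with the same detail as an approval, which is what makes an internal transfer as auditable as an external one.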
Zero Trust in File Transfer
As organizations embrace the Zero Trust philosophy, enterprise file transfers should not be left out. When it comes to file transfers, every sender and recipient should be verified, every action should be monitored and logged, and every file should be protected. Ultimately, the move to Zero Trust security can support security best practices in every stage of the file transfer process and help organizations align with applicable regulations.
Brien M. Posey
Brien Posey is an internationally best-selling technology author and speaker, and a former 22-time Microsoft MVP. Prior to going freelance, Posey served as lead network engineer for the United States Department of Defense at Fort Knox and as a CIO for a chain of hospitals and healthcare facilities. In addition to his continuing IT work, Posey has spent the last 10 years actively training to be a commercial astronaut.