Page 16 - AASBO EDGE Summer 2023 WEB
P. 16
CYBERSECURITY
BY DON HARRIS
Zero Trust Has Emerged in Post Pandemic Security
The Covid pandemic that resulted in remote the subject and device are discrete functions
learning and work-at-home options makes it performed before you have access, Chuan said.
imperative that schools practice what is called in “It’s response trends that include remote users
the IT world Zero Trust. and cloud- based assets that are not located within
an enterprise-owned network boundary. Focus on
Joseph Chuan, Manager IT Services, Ricoh protecting resources and not network segments,
Digital Services, emphasized the need for greater as the network location is no longer seen as the
network security in a breakout session at the prime component to the security posture of the
AASBO Spring Conference. resource.”
“Schools have a network to access information,” Chuan recommended several actions to take.
Chuan said. “In the past, security was based on For example – segment the network. Traditional
where is the end user. We didn’t worry about cybersecurity has a single boundary of trust.
people inside schools. We worried about how Employees had access to every part of your
do we keep the bad guys out, with firewalls and organization. Zero trust is a more secure
other methods. That evolved into a bigger risk for educational facility. “Users must constantly
schools or private business. It’s what lies between request access to areas they need to be, and if
the end user and the keyboard – a errant link in there isn’t an absolute need for them to be there,
an email.” then security keeps them out,” he said.
He explained: “Zero trust is a term for an evolving
set of cybersecurity paradigms that move defenses Network segmentation is used in government
facilities. “There are lots of security boundaries
“Unfortunately, hackers know throughout a segmented network, and only the
schools are not on the leading people who absolutely need access can get it,”
Chuan said. “This is a fundamental part of zero-
edge of technology, which has to trust networking and eliminates the possibility
do with funding and budgets. that an attacker who gains access to one secure
area can automatically gain access to others.”
from static, network-based perimeters to focus
on users, assets, and resources. It assumes no A second step is to implement access
implicit trust is granted to assets or user accounts management and identity verification. “Multi-
based solely on their physical or network location factor authentication is a fundamental part of
or based on asset ownership. It doesn’t mean that good security, whether it’s zero trust or not,”
because you’re within four walls (of a school) Chuan said. “Under zero trust, system users
that you re trusted.” should be required to use at least one two-factor
Basically, under zero trust, nobody is trusted. authentication method, and possibly different
Authentication and authorization of both methods for different types of access.”
CONTINUED ON PAGE 19
|
16 THE EDGE SUMMER 2023
