The steady stream of new cloud-based applications and digital technologies pose challenges in safeguarding your retail locations from future cyberattacks.
Small retailers are particularly vulnerable to cyberthreats. According to the 2018 Verizon Data Breach Incident Report (DBIR), 58 percent of data breaches impact small businesses.
What is a Zero Trust Network?
Traditional network security has been configured to protect the perimeter. What’s been inside your network walls has been presumed to be trusted.
In a cloud-based environment with many connected IoT devices, network boundaries are more fluid. Left uninspected, more sophisticated threats have arisen to exploit vulnerabilities and attack your valuable business data. Segmentation, access controls, and multi-factor authentication are effective lines of defense to restrict access and reduce risk and potential damage.
These new challenges require different ways to manage network security and ensure PCI-compliance for multi-site retailers and restaurants.
Businesses who want to reliably prevent the exfiltration of sensitive data and improve their ability to defend against modern cyberthreats should consider a Zero Trust Network architecture. Developed by John Kindervag, states the Zero Trust is a powerful way to minimize risk.
Zero Trust “mandates that information security pros treat all network traffic as untrusted.” A ZTN doesn’t mean that employees are untrustworthy. It means we can potentially avoid cybercrimes before they occur by recognizing these three ZTN core concepts:
1) There are no longer trusted and untrusted interfaces on our security devices
2) There are no longer trusted and untrusted networks
3) There are no longer trusted and untrusted users
Zero trust network security operates under the principle “never trust, always verify.”
So what does ZTN architecture mean in practical terms?
Here are some of the key architectural elements whether you’re building a zero trust network or turning to a managed security services partner for support.
An integrated “segmentation gateway” as the nucleus of your network
A segmentation gateway like Acumera’s Merchant Gateway serves as the core for each site’s network. It’s both a stateful firewall (to distinguish legitimate packets for different types of connections) and an application platform that aggregates information from the network. A segmentation gateway also defines a global policy that outlines the principles, procedures, and guidelines to enforce, manage, monitor, and maintain security to protect against breaches.
PCI Compliance: A ZTN is especially useful in supporting PCI compliance which mandates that a firewall separate wired and wireless networks.
As Kindervag wrote: The firewall embedded in the fabric of the segmentation gateway ensures that wireless access points can’t be bridged directly to a core network switch, which is a significant problem in many enterprise networks and the issue that PCI compliance was designed to address.
Parallel, secure network segments
Each segmented zone within your network is its own microcore switch where each zone functions as a microperimeter. All the resources within a specific microcore share similar functionality and global policy attributes.
Centralized management of the switches and segmentation
Every component of your network can be managed centrally and embed security within a unified switching fabric. Acumera advises that you employ an Unrestricted Device Policy. By default, all inbound and outbound traffic should be blacklisted, so the only communication possible from devices is what is explicitly allowed in the firewall policies.
A data acquisition network to gain complete network visibility
Your network should be able to aggregate information from every connection, device, and cable connected for monitoring and management from a remote monitoring tool like the AcuVigil™ Dashboard for complete network visibility
A Culture of Security and Support
The Zero Trust Network begins with the policies and controls to govern your employees and vendors who access your network.
It’s an excellent approach to assess vendors, their strategy, their existing products, and their future roadmaps. When selecting a qualified partner to manage your network, you need to make sure that they both embrace the principles of a ZTN and possess the resources and expertise to implement one successfully.
How Does Acumera Architect a Zero Trust Network?
ZTN Architecture Component
|Use an integrated “segmentation gateway” as the nucleus of the network.||The Merchant Gateway serves as the nucleus for each site network. It’s both a stateful firewall and an application platform that aggregates information from the network for visibility and management in the AcuVigil™ Dashboard|
|Create parallel, secure network segments.|
|Centralized management of the switches & segmentation|
|Create a data acquisition network to gain complete network visibility||The AcuVigil Dashboard aggregates information from every connection, device, and cable connected to the Merchant Gateway into a management and monitoring console for complete network visibility|
With modern threats targeting cloud-based applications and IoT devices, perimeter security isn’t enough. Retail businesses need a network infrastructure that identifies activity that might have gotten past perimeter surveillance. Zero Trust Networks combine infrastructure with the policies and controls to protect your network and monitor activity within the perimeter.
Organizations that require an annual PCI compliance audit have many options when it comes to choosing a Qualified Security Assessor (QSA) company. While the PCI Security Standards Council validates each QSA company’s adherence to the PCI DSS, there are still differences between QSA companies, their approach …
Organizations can improve their compliance status and reduce the internal burden of compliance by carefully choosing PCI compliant service providers. Selecting the right provider for your company requires careful attention to detail since there is a wide variety of service providers and levels of services they …
Secure, remote connections to POS, ATG, DVR and other devices for fewer onsite tech visits and faster issue resolution
In the current environment of social distancing and uncertainty, as a store or restaurant operator, you are focusing on protecting staff, customers and your business. However, it’s also critical to make sure you don’t let your guard down when it comes to protecting your network. Even …