
The steady stream of new cloud-based applications and digital technologies poses challenges in safeguarding your retail locations from future cyberattacks.
Small retailers are particularly vulnerable to cyberthreats. According to the 2018 Verizon Data Breach Incident Report (DBIR), 58 percent of data breaches impact small businesses.
What is a Zero Trust Network?
Traditional network security has been configured to protect the perimeter. What’s been inside your network walls has been presumed to be trusted.
In a cloud-based environment with many connected IoT devices, network boundaries are more fluid. Traffic that is left uninspected gives more sophisticated threats room to exploit vulnerabilities and attack your valuable business data. Segmentation, access controls, and multi-factor authentication are effective lines of defense to restrict access and reduce risk and potential damage.
These new challenges require different ways to manage network security and ensure PCI-compliance for multi-site retailers and restaurants.
Businesses that want to reliably prevent the exfiltration of sensitive data and improve their ability to defend against modern cyberthreats should consider a Zero Trust Network architecture. Developed by John Kindervag, Zero Trust is a powerful way to minimize risk.
Zero Trust “mandates that information security pros treat all network traffic as untrusted.” A ZTN doesn’t mean that employees are untrustworthy. It means we can potentially avoid cybercrimes before they occur by recognizing these three ZTN core concepts:
1) There are no longer trusted and untrusted interfaces on our security devices
2) There are no longer trusted and untrusted networks
3) There are no longer trusted and untrusted users
Zero trust network security operates under the principle “never trust, always verify.”
So what does ZTN architecture mean in practical terms?
Here are some of the key architectural elements whether you’re building a zero trust network or turning to a managed security services partner for support.
An integrated “segmentation gateway” as the nucleus of your network
A segmentation gateway like Acumera’s Merchant Gateway serves as the core for each site’s network. It’s both a stateful firewall (to distinguish legitimate packets for different types of connections) and an application platform that aggregates information from the network. A segmentation gateway also defines a global policy that outlines the principles, procedures, and guidelines to enforce, manage, monitor, and maintain security to protect against breaches.
PCI Compliance: A ZTN is especially useful in supporting PCI compliance, which mandates that a firewall separate wired and wireless networks.
As Kindervag wrote: “The firewall embedded in the fabric of the segmentation gateway ensures that wireless access points can’t be bridged directly to a core network switch, which is a significant problem in many enterprise networks and the issue that PCI compliance was designed to address.”
Parallel, secure network segments
Each segmented zone within your network is its own microcore switch, and each zone functions as a microperimeter. All the resources within a specific microcore share similar functionality and global policy attributes.
Centralized management of the switches and segmentation
Every component of your network can be managed centrally, with security embedded within a unified switching fabric. Acumera advises that you employ an Unrestricted Device Policy: by default, all inbound and outbound traffic is blocked, so the only communication possible from devices is what is explicitly allowed in the firewall policies.
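As an added illustration of the segmentation gateway's default-deny policy described above (this is example code written for this article, not Acumera's software or the Merchant Gateway's configuration), the following Python models a site's zones and evaluates sample inter-zone flows against an explicit allow list. The zone addressing, allow rules and sample flows are all constructed assumptions; flows inside a single segment never cross the gateway and are not modeled.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Hypothetical site layout (constructed for this example, not a real deployment).
ZONES = {
    "pos": ip_network("10.10.1.0/24"),        # cardholder data environment
    "wireless": ip_network("10.10.50.0/24"),  # guest / wireless access points
    "backoffice": ip_network("10.10.2.0/24"),
    "mgmt": ip_network("10.10.99.0/24"),      # monitoring and management
}

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int

@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    proto: str
    dport: Optional[int] = None  # None matches any destination port

# Explicit allow list; anything not listed is denied (default deny).
ALLOW_RULES = [
    Rule("pos", "internet", "tcp", 443),       # POS to payment processor over TLS only
    Rule("mgmt", "pos", "tcp", 22),            # management jump host to POS
    Rule("mgmt", "wireless", "tcp", 443),      # access-point management console
    Rule("backoffice", "internet", "tcp", 443),
    Rule("wireless", "internet", "tcp", 443),  # guest wireless may reach the internet
    Rule("wireless", "internet", "udp", 53),   # ... and resolve names, nothing else
]

def zone_of(addr: str) -> str:
    """Map an address to its segment; anything outside the site is 'internet'."""
    ip = ip_address(addr)
    return next((name for name, net in ZONES.items() if ip in net), "internet")

def evaluate(flow: Flow, rules=ALLOW_RULES) -> bool:
    """Return True only if an explicit allow rule matches; no rule means deny."""
    src, dst = zone_of(flow.src), zone_of(flow.dst)
    return any(r.src_zone == src and r.dst_zone == dst and r.proto == flow.proto
               and (r.dport is None or r.dport == flow.dport) for r in rules)

def audit(flows):
    """Pair each flow with its decision; denied flows are what monitoring should surface."""
    return [(f, evaluate(f)) for f in flows]

SAMPLE_FLOWS = [  # constructed sample traffic seen at the gateway
    Flow("10.10.50.23", "10.10.1.10", "tcp", 443),  # wireless -> POS: must be denied
    Flow("10.10.1.10", "203.0.113.5", "tcp", 443),  # POS -> processor: allowed
    Flow("10.10.1.10", "203.0.113.5", "tcp", 80),   # POS -> plaintext web: denied
    Flow("10.10.99.4", "10.10.1.10", "tcp", 22),    # mgmt -> POS maintenance: allowed
    Flow("10.10.2.7", "10.10.1.10", "tcp", 445),    # back office -> POS SMB: denied
]
```

Running `audit(SAMPLE_FLOWS)` shows the wireless-to-POS flow denied without any rule naming it, which is the property the PCI wired/wireless separation requirement asks for.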
A data acquisition network to gain complete network visibility
Your network should be able to aggregate information from every connection, device, and cable connected to it for monitoring and management from a remote monitoring tool like the AcuVigil™ Dashboard, giving complete network visibility.
A Culture of Security and Support
The Zero Trust Network begins with the policies and controls to govern your employees and vendors who access your network.
It’s an excellent approach to assess vendors, their strategy, their existing products, and their future roadmaps. When selecting a qualified partner to manage your network, you need to make sure that they both embrace the principles of a ZTN and possess the resources and expertise to implement one successfully.
How Does Acumera Architect a Zero Trust Network?
ZTN Architecture Component | Acumera Component
Use an integrated “segmentation gateway” as the nucleus of the network. | The Merchant Gateway serves as the nucleus for each site network. It’s both a stateful firewall and an application platform that aggregates information from the network for visibility and management in the AcuVigil™ Dashboard.
Create parallel, secure network segments. |
Centralized management of the switches & segmentation. |
Create a data acquisition network to gain complete network visibility. | The AcuVigil Dashboard aggregates information from every connection, device, and cable connected to the Merchant Gateway into a management and monitoring console for complete network visibility.
Conclusion
With modern threats targeting cloud-based applications and IoT devices, perimeter security isn’t enough. Retail businesses need a network infrastructure that identifies activity that might have gotten past perimeter surveillance. Zero Trust Networks combine infrastructure with the policies and controls to protect your network and monitor activity within the perimeter.