" security Archives - Page 2 of 8 - LuxSci

Posts Tagged ‘security’

What Is Zero Trust Architecture?

Tuesday, June 22nd, 2021

In light of the increasingly sophisticated attacks against the US public and private sectors, the Biden Administration announced a push toward Zero Trust Architecture, amid other cybersecurity reforms.

The White House order was issued on May 12, and it included a host of measures aimed at improving the country’s resilience against cyberthreats. The announcement contained plans to remove barriers that block the sharing of threat information, as well as actions to modernize the Federal Government cybersecurity environment.

A key part of the order was a requirement for each agency head to develop a plan for Zero Trust Architecture implementation within 60 days of the announcement. This plan must incorporate the migration steps set out in the National Institute of Standards and Technology’s (NIST) guidelines. The White House order also stipulates that migrations to cloud technology “shall also adopt Zero Trust Architecture, as practicable.”

This announcement is likely to have major implications in the cybersecurity world. With the federal government moving to adopt Zero Trust Architecture, it’s likely that other industries will soon follow suit. It’s worth asking what this framework is and what it means in the context of your own security stance.

what is zero trust architecture

What Is Zero Trust Architecture?

Simply put, Zero Trust Architecture is a security model that assumes no place is safe from cyberthreats, even an organization’s own network. Let’s explain it by contrasting Zero Trust Architecture with other security models.

Under other designs, an organization’s network has a perimeter, and the entities inside it are considered secure. It’s much like the terminal at an airport. Once you have gone through the security checkpoint, you are presumed free from any weaponry that could endanger others or the facility. After going through the security, you can enter the food court, the gift shops, or the bathroom without having to verify your identity or go through a metal detector.

Under this type of security model, systems can communicate with each other within the network relatively freely. Users are deemed safe and given special privileges, because they are on the “secure” side of the firewall.

In contrast, Zero Trust Architecture accepts that bad actors may be inside the perimeter of the “secure” network. Recognizing this possibility, the Zero Trust security model involves making the secure perimeter as small as possible to minimize the potential for compromise. It also takes steps to continually evaluate actors that are inside the network for possible threats.

Overall, the goal of Zero Trust Architecture is to protect devices and data from malicious actors. It improves on other security models by enforcing more granular access controls, which helps limit the potential for unauthorized access.

Trust Zones

In Zero Trust Architecture, a trust zone is an area where those granted access are also granted access to other parts of the network. Returning to our airport analogy, everywhere beyond the security gates is a shared trust zone where you can move relatively freely.

When you go to board your plane, you must go through another security checkpoint into a smaller trust zone. The smaller a trust zone is, the less data and access to assets that it has. This helps to limit the potential damage that a bad actor can cause.

If a bad actor gained access to the terminal, they could harm everyone within the secure perimeter of the terminal. If the bad actor only had access to the plane, the potential harm would be much more limited (the analogy breaks down a little here, because someone with access to a plane would also have had access to the terminal, but you get the picture).

The Core Tenets of Zero Trust Architecture

In order to build a more secure environment while still offering usable services, Zero Trust Architecture focuses on:

  • Authorization: Only granting users access to the minimum level of data and services that are required to fulfill their role.
  • Authentication: Verifying the identity of authorized users through logins, keys, certificates, multi-factor authentication and other measures. This helps to protect from unauthorized access.
  • Limited trust zones: Making trust zones as small as possible to reduce potential impacts if compromised.
  • Availability: The above security measures are critical, but they need to be designed in a way that maintains availability. A service is useless if it is incredibly secure, but unavailable much of the time.
  • Minimized delays: The vetting processes are important, but authentication should be implemented in a way that doesn’t slow down access.

LuxSci and Zero Trust Alignment

LuxSci has long aligned its services with Zero Trust principles. Our Zero Trust-aligned features include:

  • Dedicated servers with virtualized sandboxing and dynamic per-customer micro-segmentation. We put each dedicated customer in its own trust zone.
  • Dynamic network and user access monitoring that can block suspected threats.
  • Granular access controls for users and systems that access customer data.
  • Encrypted email.

The Biden Administration’s push toward Zero Trust Architecture shows just how critical it is for protection in the current environment. Secure your organization by contacting us now to find out how it can get onboard with LuxSci’s Zero Trust-aligned services.

Time-Based Access Control

Tuesday, March 16th, 2021

A new security feature is available for LuxSci WebMail customers. Account administrators now have the option to implement time-based access controls for their users. Administrators can restrict what times of day and what days of the week individual users are permitted to use the LuxSci web interface (for WebMail, administration, or other tasks) to increase security on the platform.

This prevents unauthorized off-hours access by employees and also by potential attackers. In a compliance context, LuxSci customers are able to apply time-of-day access controls on a user-level to further limit the attack surface and keep essential information protected.

How to Enable Time-Based Access

You must be an account administrator to enable time-based access. To edit this setting, go to the user’s account and click on “Settings.” Under “Security,” go to the “General” page and do the following steps:

  • Enable the overall setting “Enable time-based access restrictions to this web interface.”
  • Select the time zone to use for these times.
  • For each day the user will be allowed to login to the Web Interface, enter one or two time ranges in the 24-hour time format “HH:MM-HH:MM.”
    • For example, if the user can use the system between 9am and 5pm, you would enter “09:00-17:00.” Use two time ranges if there are two distinct periods of time during the day that are acceptable.

time based access settings

Additional Security Features

In addition to this feature, we also recommend that LuxSci customers take advantage of our other security controls such as:

What End-to-End Email Encryption Really Means

Tuesday, January 26th, 2021

As security and privacy become more prominent in the news, you’re probably starting to hear the term end-to-end email encryption a lot. But what does it actually mean? You may have a rough idea that it protects your data, but many people are vague on the specifics. However, it’s the details of end-to-end encryption that are the most important. After all, it only takes one false assumption to put your data at unnecessary risk.

What Is End-to-End Encryption

Read the rest of this post »

How Strong Data Security Can Be a Competitive Advantage for Your Organization

Tuesday, January 12th, 2021

In the past, your organization may not have put a lot of thought into data security. In the paper-based world, or even the early days of digitizing everything, there didn’t seem to be as much of a need to keep all of your information locked down.

But now that everything is electronic, large databases of information have become digital gold, and there seems to be a massive attack every week. By now, you’ve probably gotten it into your head that data security is important for keeping the bad guys out, but have you ever considered data security as a competitive advantage?

Strong Data Security

Read the rest of this post »

Enhancements to Application-specific Passwords

Thursday, December 17th, 2020

Since 2017, LuxSci has supported application-specific passwords.  These enable users to create distinct username/password combinations for use with different applications, devices, or for shared account access.  These login aliases can have limited privileges; for example, granting access only to email or only to web site file storage.  Use of application specific passwords can greatly enhance user security.

In the past few weeks, LuxSci has released several enhancements to application-specific passwords.

Application Specific Passwords

Read the rest of this post »