Zero Trust Architecture

Zero trust is no longer merely a concept or a set of guidelines. It has evolved into an architectural framework for securing complex enterprise networks that can be implemented and scaled.

The concept of “never trust, always verify” underpins zero trust architecture. In practice, this means that access to any network resource must be subject to predefined trust dimensions, or parameters. Failure to meet these parameters results in access denial or revocation. This is in stark contrast to previous security models, which relied on implicit trust within the network perimeter.

The traditional approach to cybersecurity relies on barriers — firewalls — that control traffic entering and exiting a network. Zero trust, on the other hand, is based on the assumption that there are no barriers. It is frequently used interchangeably with “removing perimeters,” “shrinking perimeters,” “reducing perimeters,” or “going perimeter-less.” These are common references to the concept of “de-perimeterization,” which was first proposed in 2005 by a group called the Jericho Forum. The phrase “zero trust” was coined by cybersecurity expert John Kindervag in 2010 while working for Forrester Research. In a nutshell, zero trust assumes that the system will be breached and designs security as if no perimeter exists. As a result, nothing is trusted by default, beginning with the network.

We are now more globally connected than ever before, thanks to the explosion of cloud computing. The majority of us conduct business remotely via mobile devices. We consume, exchange, and store digital information in private clouds, public clouds, hybrid clouds, and a variety of other configurations. Needless to say, traditional boundaries have shrunk and become hazier, allowing a much larger footprint of applications and services to be located and accessed from anywhere. Of course, with that growth has come an increase in cybersecurity vulnerabilities. There are now more areas and points of attack open to adversaries. And we are especially vulnerable to cybersecurity breaches that originate within networks, that is, within the perimeter.

The conventional perimeter defence strategy has a flaw: it lacks a security control mechanism to prevent lateral movement once a threat is inside the perimeter, because the inside is always considered to be the safe or trusted zone in this strategy.

This is where zero trust comes into play to save the day. You could be accessing resources spread across many boundaries, from on-premises to multiple cloud environments, from an enterprise-owned network, your home, or anywhere in the world. No matter where your network is located, a zero trust approach to cybersecurity will always respond, “I have zero trust in you!” Hence, “never trust, always verify” — for every access request!

To emphasise the point even further, the verification process is a critical component of the zero trust approach. Before access to a resource can be granted, the request must be thoroughly evaluated, dynamically and in real time, based on the access policies in place and the current state of credentials, device, application, and service, as well as other observable behaviour and environmental attributes.
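
The per-request evaluation described above, sketched as an added example (not code from the original article). The field names, thresholds and the sample policy are assumptions chosen for illustration; note that the network a request comes from is recorded but never grants trust, and a failed check revokes the session.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Hypothetical trust dimensions; the article names the categories, not the fields.
@dataclass(frozen=True)
class AccessRequest:
    user: str
    resource: str
    source_network: str        # recorded, but never used to grant trust
    mfa_verified_at: datetime  # credential state
    device_compliant: bool     # device state (patched, disk encrypted, ...)
    risk_score: float          # observed behaviour: 0.0 normal, 1.0 anomalous

@dataclass(frozen=True)
class Policy:
    allowed_users: frozenset
    max_mfa_age: timedelta
    max_risk: float

# Constructed sample policy table, keyed by resource.
POLICIES = {"payroll-db": Policy(frozenset({"alice"}), timedelta(minutes=15), 0.3)}

def evaluate(req, now):
    """Return (allowed, reasons). Default deny; every dimension must pass."""
    policy = POLICIES.get(req.resource)
    if policy is None:
        return False, ["no policy for resource"]
    reasons = []
    if req.user not in policy.allowed_users:
        reasons.append("user not authorised for resource")
    if now - req.mfa_verified_at > policy.max_mfa_age:
        reasons.append("credential verification too old")
    if not req.device_compliant:
        reasons.append("device not compliant")
    if req.risk_score > policy.max_risk:
        reasons.append("behaviour risk above threshold")
    return (not reasons), reasons

class Session:
    """Access is re-evaluated on every request and revoked on the first failure."""
    def __init__(self):
        self.revoked = False

    def request(self, req, now):
        if self.revoked:
            return False, ["session revoked"]
        allowed, reasons = evaluate(req, now)
        self.revoked = not allowed
        return allowed, reasons
```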