Zero Trust is a philosophy and method created by John Kindervag in 2010. The rule is never to trust anything by default, meaning that every access request should be authenticated and authorized as if it originates from an open network. You cannot control or secure every location that your data must go in today’s world.

Benefits

Success in businesses nowadays means assuring your consumers of safety. Nobody wants their organization to be the one that makes customers concerned. Likewise, non-consumer-based companies need to ensure that their “crown jewels” and competitive information are not stolen or ransomed.

Regardless of the industry, you have those who rely on you to protect their data and privacy.

With a Zero Trust model, you employ a more identity-centric and data-centric approach to address security risks.

Zero Trust model? 

There are three critical elements of the Zero Trust model:

  1. User / Application Authentication
    It is imperative to authenticate the user or application to ensure that the entity requesting access is that entity.
  2. Device authentication
    User/app authentication alone is not enough. You also need to authenticate the device requesting access.
  3. Trust
    Access is granted once the user/application and device are authenticated.

Essentially, the framework dictates that you cannot trust anything inside or outside your perimeters. The Zero Trust model operates on - "never trust, always verify."

How to create a Zero Trust network? 

Zero Trust is an architecture that requires the implementation of several key technologies and processes, including:

  • Micro-segmentation - the foundation for Zero Trust that allows administrators to program security policies based on where the load can be used, what kind of data it will be accessing, and how important/sensitive the application is
  • Multifactor authentication: Enforces strong authentication.
  • Identity and Access Management: Conclusively authenticates the user/application and device.
  • User and Network Analysis - Understands the relative behavior of the user and the network they come from, and highlights any unusual behavior compared to a predetermined baseline that may indicate an identity at risk.
  • Endpoint Security: Ensures that the endpoint itself is clean and will not serve as a channel to allow an attacker to gain unauthorized access to your data.
  • Encryption - prevents eavesdropping of traffic
  • Scoring - sets a "score" based on the above parameters, which will determine whether access can be granted.

Access to sensitive information and applications from branch offices, IoT devices, mobile workers, partners, vendors, customers, vendors, and cloud workloads moves the network's edge away from IT control.