
What is Zero Trust?

Zero Trust

  • The Castle & Moat construct (which assumes that all security threats come from outside an organization) is outdated & problematic.
  • Shift in attitude from trusted to untrusted.
  • Trust is a vulnerability.
  • Workers (users) are our weakest link.
  • No trust-by-default…
    • Instead, why don’t we inherently distrust everything?
  • The user today needs a variety of access methods to a multitude of systems (while simultaneously NOT trusting them).

The ‘Zero Trust’ model allows workers to perform their roles & responsibilities in a much more secure, much less trusted environment.

The framework was conceptualized by Forrester Research in 2010.

Not “Trust, but verify” but rather “Verify, then trust…but only a little.”

No person is trusted until authenticated.

No device is trusted until evaluated.

No access is provided until entitled.

  • Zero Trust Components:
    • Granular Perimeter Access Enforcement
      • Least privilege access; users only get the bare minimum access required to get the job done.
      • Micro-segmentation—Networks are broken down into much smaller security zones.
      • End-point context
      • Identity Access Management
        • MFA
        • Single Sign On
      • Trust changes as the context changes.
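
The three gates above (person authenticated, device evaluated, access entitled) together with the components list can be read as a default-deny decision made on every request. The Python sketch below is an added illustration, not code from any Zero Trust product; the roles, segments, resource names and the `decide`/`reevaluate` helpers are all constructed for the example.

```python
from dataclasses import dataclass, replace

# Constructed least-privilege table: each role lists only what it needs.
ENTITLEMENTS = {
    "payroll-clerk": {("payroll-db", "read")},
    "payroll-admin": {("payroll-db", "read"), ("payroll-db", "write")},
}
# Constructed micro-segmentation map: which zones may reach which resource.
SEGMENT_ALLOW = {"payroll-db": {"finance-zone"}}

@dataclass(frozen=True)
class Request:
    role: str
    password_ok: bool     # first factor verified
    mfa_ok: bool          # second factor verified
    device_managed: bool  # end-point context: enrolled in management
    device_patched: bool  # end-point context: patch level acceptable
    segment: str          # micro-segment the request comes from
    resource: str
    action: str

def decide(req: Request) -> tuple:
    """Default deny: every gate must pass, in order, on every request."""
    if not (req.password_ok and req.mfa_ok):
        return False, "person not authenticated (MFA required)"
    if not (req.device_managed and req.device_patched):
        return False, "device failed posture evaluation"
    if req.segment not in SEGMENT_ALLOW.get(req.resource, set()):
        return False, "source segment not allowed for resource"
    if (req.resource, req.action) not in ENTITLEMENTS.get(req.role, set()):
        return False, "role not entitled to this action"
    return True, "allowed"

def reevaluate(req: Request, **changed_context) -> tuple:
    """Trust changes as the context changes: re-run all gates on the new context."""
    return decide(replace(req, **changed_context))

# Constructed baseline request used by the demo below.
BASE = Request("payroll-clerk", True, True, True, True,
               "finance-zone", "payroll-db", "read")

if __name__ == "__main__":
    print(decide(BASE))                            # all gates pass
    print(reevaluate(BASE, device_patched=False))  # same user, device drifted
    print(reevaluate(BASE, segment="guest-wifi"))  # same user, different zone
    print(reevaluate(BASE, action="write"))        # beyond the role's minimum
```

Nothing is cached between calls: a user who was allowed a moment ago is denied as soon as the device posture, source segment or requested action changes.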

SDP (Software-Defined Perimeter)

Identity-based, zero-trust solution.

No need for heavy tuning of your infrastructure.

Easier to implement, manage and audit.

Wide range of solutions currently available; also buyer beware!

A downside with SDP is cost!
