Everybody is talking about Zero Trust today. However, what is it really about?
Simply put, Zero Trust means never trust, always verify.
Zero Trust is NOT a specific vendor product. Instead, it is a security model (or framework). So, people, processes, and technologies must work together to implement Zero Trust tailed for a particular environment.
Now, let’s understand Zero Trust a little deeper.
Why do we need Zero Trust
Corporates typically use firewalls to divide the network into two parts: public and private. Then, they consider the private network as a trust zone. However, modern hackers can leverage various techniques to bypass firewalls, make lateral movements inside a corporate network, and escalate their privileges to access sensitive data.
Moreover, the acceleration of Work-from-Anywhere and Cloud Migration challenges the traditional Network-Centric security architecture. For example:
- Users can access corporate systems anywhere from their homes or coffee shops.
- Enterprises no longer own all devices on their network.
- Business apps, data, and infrastructure are spread anywhere on the Cloud.
As a result, the term Zero Trust – never trust, always verify, advocated by John Kindervag – an industry analyst at Forrester, has become more and more popular in the industry.
The core of Zero Trust
Zero Trust moves us to the so-called Identity-Centric security architecture. It integrates three critical security principles:
- Identity and Access Management (IAM) – managing who (users or devices) can access what resources.
- Privilege Management – controlling the proper access level.
- Micro-Segmentation – isolating workloads and applying fine-grained security policies.
To further understand the Zero Trust design, building blocks, uses cases, and implementation steps, you can read NIST Special Publication (SP) 800-207, Zero Trust Architecture.
Industry Events for Zero Trust
Zero Trust is a hot topic in the industry today. You can find it advocated by so many technology providers, security vendors, and consulting firms.
Since 2019, Cyber Tech & Risk has hosted many Zero Trust related industry events, such as:
Zero Trust is the modern security model widely accepted by the industry. It advocates the idea of “Never Trust, Always Verify.” And it integrates many critical security principles (e.g. Identity and Access Management, Privileged Access Management, Micro-Segmentation) to address today’s security challenges like Cloud Transformation and Work-from-Anywhere.