Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Never trust, always verify: The Zero Trust security model
#1
Lightbulb 
Quote:
[Image: zero-trust-security-featured.jpg]

What is Zero Trust, and why is it attractive for modern business?

The Zero Trust model has been gaining popularity among organizations in recent years. According to 2019 data, 78% of information security teams had implemented this model or at least were planning to make the move. Here, we break down the Zero Trust concept to see what makes it attractive for business.

The perimeter is no more

Perimeter security, a common term in corporate infrastructure protection, encapsulates the use of thorough checks for any and all attempts to connect to corporate resources from outside that infrastructure. Essentially, it establishes a border between the corporate network and the rest of the world. Inside the perimeter — inside the corporate network — however, becomes a trusted zone in which users, devices, and applications enjoy a certain freedom.

Perimeter security worked — as long as the trusted zone was limited to the local access network and stationary devices connected to it. But the “perimeter” concept blurred as the number of mobile gadgets and cloud services in use by employees grew. These days, at least a portion of corporate resources is located outside of the office or even abroad. Trying to hide them behind even the tallest of walls is impractical at best. Penetrating the trusted zone and moving around unhindered has become much easier.

Back in 2010, Forrester Research Principal Analyst John Kindervag put forward the concept of Zero Trust as an alternative to perimeter security. He proposed giving up the external-versus-internal distinction and focusing instead on resources. Zero Trust is, in essence, an absence of trust zones of any kind. In this model, users, devices and applications are subject to checks every time they request access to a corporate resource.

Zero Trust in practice

There is no single approach to deploying a security system based on Zero Trust. Despite this, one can identify several core principles that can help build a system like that.

Protect surface instead of attack surface

The Zero Trust concept typically involves a “protect surface,” which includes everything the organization must protect from unauthorized access: confidential data, infrastructure components, and so on. The protect surface is significantly smaller than the attack surface, which includes all potentially vulnerable infrastructure assets, processes, and actors. It is thus easier to ensure the protect surface is secure than to reduce the attack surface to zero.

Microsegmentation

Unlike the classic approach, which provides for external perimeter protection, the Zero Trust model breaks down corporate infrastructure and other resources into small nodes, which can consist of as few as one device or application. The result is lots of microscopic perimeters, each with its own security policies and access permissions, allowing flexibility in managing access and enabling companies to block the uncontrollable spread of a threat within the network.

Least-privilege principle

Each user is granted only the privileges required to perform their own tasks. Thus, an individual user account being hacked compromises only part of the infrastructure.
...
Continue Reading
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
AWZ Screen Recorder
AWZ Screen Recorder ...zevish — 11:05
Website X5 Go 2024.1
Website X5 Go 2024.1...zevish — 09:32
Apple's rules to allow third-party app ...
Apple has announ...alison30 — 09:28
Intel: Microsoft AI PCs need a Copilot K...
Microsoft hopes th...harlan4096 — 08:55
Synchredible 8 Professional Edition v8.2...
          Synchredib...zevish — 08:54

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
There are no staff members currently online.

>