Zero Trust is a security strategy that has been gaining traction recently, and for a good reason. It is a comprehensive approach to securing modern organizations and businesses, designed to protect people, devices, applications, and data regardless of their location.
The strategy is built on the following principles:
- verifying explicitly,
- using least privilege access,
- and assuming breach.
In this blog post, we’ll dive into the details of Zero Trust, what it entails, and how to implement it.
At its core, Zero Trust assumes that breaches can and will occur and that each request must be verified before it is granted access. This contrasts with the traditional approach of trusting everything behind the corporate firewall and verifying only external requests. The Zero Trust model teaches us to “never trust, always verify.”
Implementing a Zero Trust approach requires organizations to extend their security measures to cover their entire digital estate, which includes the following six foundational elements: secure identity, secure endpoints, secure applications, secure data, secure infrastructure, and secure networks. The technology pillars for implementing Zero Trust include:
- Secure identity with Zero Trust: Verify identities (people, services, or IoT devices) before granting them access to resources. Ensure that the access is compliant and typical for that identity, following least privilege access principles.
- Secure endpoints with Zero Trust: Monitor and enforce device health and compliance for secure access to various endpoints, including IoT devices, smartphones, BYOD, and on-premises/cloud-hosted servers.
- Secure applications with Zero Trust: Implement controls and technologies to discover shadow IT, ensure in-app permissions and gate access based on real-time analytics, monitor abnormal behavior, control user actions, and validate secure configuration options.
- Secure data with Zero Trust: Classify, label, and encrypt data and restrict access based on those attributes. Data should remain protected even when it leaves the devices, apps, infrastructure, and networks the organization controls.
- Secure infrastructure with Zero Trust: Assess version and configuration, use just-in-time (JIT) access to harden defenses, use telemetry to detect attacks and anomalies, and automatically block and flag risky behavior.
- Secure networks with Zero Trust: Segment networks and deploy real-time threat protection, end-to-end encryption, monitoring, and analytics to enhance visibility and prevent lateral movement of attackers.
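As an added illustration (not code from the original post), the following Python sketch contrasts a perimeter-style access decision with one that applies the three principles above to every request. The roles, permissions, IP ranges, and request signals are constructed for the example.

```python
from dataclasses import dataclass

# Constructed sample policy for this added example: hypothetical roles and permissions.
ROLE_PERMISSIONS = {
    "analyst": {"reports:read"},
    "admin": {"reports:read", "reports:write", "users:manage"},
}

@dataclass
class Request:
    user: str
    role: str
    action: str                # permission being requested, e.g. "reports:write"
    source_ip: str
    identity_verified: bool    # strong authentication (e.g. MFA) succeeded for this session
    device_compliant: bool     # endpoint health/compliance signal
    typical_location: bool     # request matches this identity's usual access pattern

def perimeter_decision(req: Request) -> str:
    """Traditional model: trust anything coming from inside the corporate network."""
    return "allow" if req.source_ip.startswith("10.") else "deny"

def zero_trust_decision(req: Request) -> str:
    """Verify every request explicitly; network location plays no role in the decision."""
    # Verify explicitly: identity and device health must both check out.
    if not (req.identity_verified and req.device_compliant):
        return "deny"
    # Least privilege: the requested action must be in the role's allowed set.
    if req.action not in ROLE_PERMISSIONS.get(req.role, set()):
        return "deny"
    # Assume breach: an atypical pattern triggers a step-up challenge instead of a silent allow.
    if not req.typical_location:
        return "step_up_mfa"
    return "allow"

# Constructed requests: an unverified session inside the network, a verified remote admin,
# an over-privileged action by a legitimate user, and a verified user in an unusual location.
SAMPLE_REQUESTS = [
    Request("alice", "analyst", "reports:read", "10.0.5.12", False, False, True),
    Request("bob", "admin", "users:manage", "203.0.113.7", True, True, True),
    Request("carol", "analyst", "reports:write", "10.0.9.3", True, True, True),
    Request("dave", "admin", "reports:write", "203.0.113.9", True, True, False),
]

def compare_models(requests=SAMPLE_REQUESTS):
    """Return (user, perimeter decision, zero trust decision) for each request."""
    return [(r.user, perimeter_decision(r), zero_trust_decision(r)) for r in requests]
```

Running `compare_models()` shows the perimeter model allowing the unverified internal session and the over-privileged write while denying the legitimate remote admin, whereas the Zero Trust evaluation reverses each of those outcomes.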
Visibility, automation, and orchestration together form one of the most critical components of Zero Trust. Because each area generates its own alerts, an integrated capability to manage the resulting influx of data is necessary to detect and respond to threats and prevent undesired events across the organization.
In conclusion, Zero Trust is a security strategy that assumes breach and verifies each request. By implementing Zero Trust controls and technologies across the six foundational elements, organizations can protect their people, devices, applications, and data and prevent successful cyberattacks. US Executive Order 14028 on Improving the Nation’s Cybersecurity directs federal agencies to implement Zero Trust measures. To support this directive, the Office of Management and Budget (OMB) has released the federal Zero Trust strategy in memorandum M-22-09.