Zero Trust
This concept was coined in 2010 by John Kindervag, a former Forrester Research analyst who is also considered one of the world’s leading cybersecurity experts. Guided by the principle “never trust, always verify”, the application of this strategy aims to protect modern digital environments with increasingly mobile and connected users.
A zero-trust approach enables organizations to make access decisions based on the context of the transaction, including factors such as user identity, classification of the data being accessed, device security profile, network, the application and the authenticators used.
Building a zero-trust architecture requires having excellent identity data, properly provisioned entitlements, as well as standardized authentication and authorization enforcement.
Why Zero Trust?
Many organizations have taken a decentralized approach to identity and access management, allowing multiple lines of business to build their own controls. Unfortunately, this leads to duplicate access enforcement systems. Zero Trust takes a more consistent approach across the enterprise, providing visibility and enforcement of access policies. This means increased security and compliance.
Implementing zero trust is an interdisciplinary exercise spanning identity, access management, and infrastructure security. There is no single technology that can cover all requirements. Access policies can be enforced in access management solutions, privileged access tools, network infrastructure, API gateways, cloud platforms, and even within application code.
To get started on the zero trust journey, organizations must:
- Identify policy enforcement points and policy engines for access decisions.
- Understand the information points of the policy.
- Identify implementation patterns.
- Know their data.
- Develop a risk-based roadmap.
Do you want to keep your company safe?
Sources:
- Accenture
- welivesecurity.com
