Zero Trust is a security model that was created by John Kindervag, a former principal analyst at Forrester Research Inc., in 2010 and has since been implemented and popularized by thousands of leading businesses and organizations around the world.
The Zero Trust security concept is centered on the idea that an organization should never automatically trust anything – regardless of whether it’s inside or outside of the company’s perimeter. Instead, everything must be independently verified prior to granting access.
This network architecture operates under the assumption that every user is a threat until proven otherwise. If you had to simplify the entire system into one sentence, it would be this: Don’t trust anyone or anything.
Why? Well, according to one recent report, cybercrime is booming. By 2021, it’s anticipated that cybercrime will cost the world more than $6 trillion annually (up from $3 trillion in 2015). And if you zoom in and look at it on a granular level, you’ll see that the average data breach compromises 24,000 records and costs $3.62 million.
The frustrating thing is that these bleak numbers remain true in spite of significant increases in spending on cyber security – by both individual businesses and firms. In other words, there has to be a better way. Zero Trust aims to be the way forward.
The number one priority with Zero Trust is to understand who the user is. In the most basic sense, it looks like this:
How does a Zero Trust security framework do this? Well, there are multiple options and formulas. Some of the technologies involved include multi-factor authentication, encryption, analytics, identity and access management (IAM), and orchestration.
This framework is based on identifying a protect surface – which is made up of the network’s most important assets, data, services, and applications – and thoroughly studying how traffic moves across the organization in relation to it. Armed with this information, a perimeter can be established via a segmentation gateway (also known as a next-generation firewall).
With a segmentation gateway in place, you have focused visibility into the traffic in and around your protect surface. These insights allow for more sophisticated and relevant security policies.
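The following added example (not part of the original article) sketches the kind of decision a segmentation gateway makes in front of a protect surface: default deny, with access decided by verified identity, MFA and device state rather than by source network. The asset names, roles, rule fields and addresses are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

INTERNAL_NET = ip_network("10.0.0.0/8")  # assumed corporate range; used for reporting only

# Constructed protect surface: each critical asset lists the only rules that may reach it.
PROTECT_SURFACE = {
    "payroll-db": [{"role": "hr-analyst", "actions": {"read"}, "mfa": True, "managed_device": True}],
    "source-repo": [{"role": "developer", "actions": {"read", "write"}, "mfa": True, "managed_device": False}],
}

@dataclass(frozen=True)
class Request:
    user: Optional[str]      # None means the caller never authenticated
    role: Optional[str]
    src_ip: str
    asset: str
    action: str
    mfa_passed: bool
    managed_device: bool

def evaluate(req):
    """Return (allowed, reason). Default deny; src_ip is never consulted."""
    rules = PROTECT_SURFACE.get(req.asset)
    if rules is None:
        return False, "asset has no policy"
    if not req.user:
        return False, "unauthenticated"
    for rule in rules:
        if req.role != rule["role"] or req.action not in rule["actions"]:
            continue
        if rule["mfa"] and not req.mfa_passed:
            return False, "mfa required"
        if rule["managed_device"] and not req.managed_device:
            return False, "managed device required"
        return True, "allowed by rule for " + rule["role"]
    return False, "no matching rule"

# Constructed requests: one external and verified, three internal and unverified in some way.
SAMPLE = [
    Request("alice", "hr-analyst", "203.0.113.7", "payroll-db", "read", True, True),
    Request(None, None, "10.1.2.3", "payroll-db", "read", False, True),
    Request("bob", "developer", "10.4.4.4", "payroll-db", "read", True, True),
    Request("carol", "hr-analyst", "10.9.9.9", "payroll-db", "read", False, True),
]

def run_sample():
    """Return (is_internal, allowed, reason) per request to show location does not matter."""
    return [(ip_address(r.src_ip) in INTERNAL_NET, *evaluate(r)) for r in SAMPLE]
```

The only request that is allowed comes from outside the internal range, while all three internal requests are denied because identity, role or MFA verification fails.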
There’s a common misconception that achieving Zero Trust is expensive and complex. However, it doesn’t have to be. It can be designed in such a way that it works with your existing architecture. But you have to follow an orderly plan of implementation and execution. This involves five major steps:
Obviously each of these five stages can be broken down into dozens of smaller action steps, but it’s helpful to organize them according to these headings. If nothing else, this will streamline your approach.
The key to selecting the right system is to look for one that’s comprehensive, efficient, and preventive. Cyber attacks are becoming more sophisticated and you must be able to prevent the most advanced attacks over time – no matter how new or unique they are.
How you choose to implement Zero Trust depends on your business, needs, budget, risks, threats, and opportunities. However, you don’t need to go out and totally change your entire security infrastructure; it can be as simple as using a single consolidated cyber security architecture.