A zero trust architecture implements a security strategy based on the principle of least privilege. Under a zero trust security model, all systems – inside and outside of the network – are treated as a potential threat, and access requests are evaluated on a case-by-case basis to protect against unauthorized access to corporate resources and minimize cybersecurity risk.
The zero trust security model was developed in 2010 by John Kindervag while he was a principal analyst at Forrester Research Inc. Since then, it has gained wide adoption and become a primary security goal for companies worldwide.
The zero trust security model is based on the concept of “trust but verify”. Historically, security models have implicitly trusted any user or device inside the network, on the assumption that it had already been validated as authorized and legitimate. Under a zero trust model, every access request is independently scrutinized and verified before access to corporate resources is granted. This holds whether the request originates inside or outside the corporate network perimeter.
By default, a zero trust security model treats every user, device, and application as a potential threat to the company. Only after evaluating the legitimacy of a request – based on role-based access controls (RBACs) and other contextual data such as the request origin, timestamp, and user behavioral analytics – is access granted or denied.
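The per-request evaluation described above, as an added example (not Check Point's code and not part of the original page): a default-deny decision function that combines RBAC with request origin, timestamp, and a behavior-analytics score. The role names, resources, networks, working hours, and risk threshold are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network

# Constructed sample policy (hypothetical roles, resources and thresholds).
ROLE_PERMISSIONS = {
    "finance-analyst": {("ledger-db", "read")},
    "dba": {("ledger-db", "read"), ("ledger-db", "write")},
}
KNOWN_ORIGINS = [ip_network("10.20.0.0/16"), ip_network("203.0.113.0/24")]
WORK_HOURS = (time(7, 0), time(19, 0))
MAX_RISK = 0.7  # assumed 0..1 score from a user-behavior analytics feed


@dataclass(frozen=True)
class AccessRequest:
    user_roles: frozenset
    resource: str
    action: str
    source_ip: str
    when: datetime
    behavior_risk: float


def evaluate(req: AccessRequest) -> tuple[bool, str]:
    """Return (allowed, reason). Anything not explicitly permitted is denied."""
    # 1. RBAC: some role held by the user must grant this exact action.
    if not any((req.resource, req.action) in ROLE_PERMISSIONS.get(r, set())
               for r in req.user_roles):
        return False, "rbac: no role grants this action"
    # 2. Origin: an internal address earns no implicit trust; it is only one
    #    of the known origins, and the remaining checks still apply.
    try:
        addr = ip_address(req.source_ip)
    except ValueError:
        return False, "origin: unparseable source address"
    if not any(addr in net for net in KNOWN_ORIGINS):
        return False, "origin: unrecognised network"
    # 3. Timestamp: writes outside working hours are refused.
    start, end = WORK_HOURS
    if req.action == "write" and not (start <= req.when.time() <= end):
        return False, "time: write outside working hours"
    # 4. Behavior analytics: a high risk score overrides a valid role.
    if req.behavior_risk > MAX_RISK:
        return False, "behavior: risk score above threshold"
    return True, "all checks passed"
```

Each check returns a reason string, so a denied request can be logged with the specific control that refused it.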
The Zero Trust Extended Security Model defines seven key principles or areas of focus when an organization is working to implement a zero trust security model.
Five of these principles are based on applying the “default deny” security posture to various corporate assets, including:
The other two key principles describe vital capabilities for a zero trust security strategy, including:
An effective zero trust security policy is one that is consistently enforced across an organization’s entire IT ecosystem. Otherwise, cyber threats can exploit enforcement gaps to gain unauthorized access to corporate resources.
Attempting to implement zero trust with an array of disparate and standalone security technologies is likely to create these dangerous security holes. Check Point Infinity offers a holistic and integrated approach to implementing zero trust based on a consolidated security infrastructure.
Check Point Infinity is the core of Check Point’s Absolute Zero Trust Security strategy. It enables an organization to implement all aspects of the core zero trust principles, centralize monitoring and management of its security architecture, and minimize cybersecurity risk with a prevention-focused approach to known and zero-day threats.
To learn how to implement a zero trust security policy, check out The Ultimate Guide to Zero Trust Security. Then, find out how to implement zero trust with Check Point Infinity in Absolute Zero Trust Security with Check Point Infinity Architecture.