The zero trust approach to enterprise security proposed by analyst firm Forrester Research nearly a decade ago can be challenging to implement. You need a clear understanding of the changes it entails and the impact it can have on the user experience.
The model emphasizes robust user authentication and device validation over network and endpoint security as key to protecting applications and data against new and emergent threats. Instead of having enforcement mechanisms at the network perimeter, zero trust focuses on moving them as close as possible to the actual application or surface that needs to be protected. Users and devices are not automatically trusted simply because they happen to be behind the enterprise perimeter or on a trusted network.
“Zero trust is a thought process and approach about how to create your organization’s cyber security posture,” says Steve Dyer, CTO of Respond Software. “Conceptually, it boils down to ‘don’t trust the network whether inside or outside the perimeter’.”
Implementing the model requires thoughtful planning and recognition that zero trust is a journey and not a destination. “Vendors are jumping all over zero trust as the next big thing they can hang their existing platforms on,” Dyer notes.
In reality, much of what is involved in implementing the model is boring, unglamorous work: creating and maintaining policy around data access and authorizing access to the applications that read and write that data. “There are no silver bullets. The heavy lift will be on the internal teams since they understand the business drivers and core assets,” says Dyer.
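The decision the model describes, enforced at the application rather than at the perimeter, as an added example that is not part of the article: the request's network location is deliberately not an input; user authentication, device validation and a per-application policy are. The policy table and request fields are constructed for illustration.

```python
# Added example (not from the article): a minimal per-request access decision
# written the way the zero trust model requires. Network location is ignored;
# identity, device state and a per-application policy decide the outcome.
from dataclasses import dataclass


@dataclass
class Request:
    user: str
    groups: frozenset
    mfa_verified: bool       # strong user authentication completed
    device_managed: bool     # device is enrolled and known to the organization
    device_patched: bool     # device passed its posture check
    source_ip: str           # present only to show the model ignores it
    application: str
    action: str              # "read" or "write"


# Constructed policy: which groups may perform which action on which application.
POLICY = {
    "payroll": {"read": {"finance", "hr"}, "write": {"finance"}},
    "wiki": {"read": {"staff"}, "write": {"staff"}},
}


def perimeter_decision(req: Request) -> bool:
    """The approach zero trust replaces: anything on the internal network is trusted."""
    return req.source_ip.startswith("10.")


def zero_trust_decision(req: Request) -> tuple:
    """Enforce at the application: authenticate the user, validate the device,
    then apply that application's access policy. Returns (allowed, reason)."""
    if not req.mfa_verified:
        return False, "user not strongly authenticated"
    if not (req.device_managed and req.device_patched):
        return False, "device failed validation"
    app_policy = POLICY.get(req.application)
    if app_policy is None:
        return False, "no policy for application"  # default deny
    if not req.groups & app_policy.get(req.action, set()):
        return False, f"{req.user} not authorized to {req.action} {req.application}"
    return True, "allowed"
```

The two functions disagree exactly where the article says they should: an unauthenticated, unmanaged device on the internal network is admitted by the perimeter check and refused by the zero trust check.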
Here are some of the key steps that Dyer and others believe are necessary for organizations to take when starting on the road to zero trust.