With cyber security, the goal has always been simple – to maintain safe and stable business operations. While this goal may seem simple, the journey to get there is not always easy.
Evolution of Security
Way back when, security seemed so much easier. In the good old days, everything lived behind a firewall, within a corporate network. In the early 2000’s, access was granted through secure virtual private networks. This security revolved around the notion of ‘trust but verify.’
Following this came the introduction of cloud applications and services, which left behind traditional perimeter security and brought forth an expanded attack zone. This introduced security challenges, forcing IT professionals to find innovative ways to secure their data.
In 2009, John Kindervag created the zero trust model of cybersecurity and defined it as 'a method that assumed no traffic within a Company’s network was any more trustworthy than external traffic.'
Fast forward to today, where the increase in cloud, mobile and remote workers has put the visibility and control of users and devices outside of the Company. This expanded perimeter is now centered around user identity, access management and their devices - forcing Companies to bring back the notion of zero-trust.
But what is zero-trust? What does it solve? How can organizations build a zero-trust model, and where should they start?
Success with Zero Trust
With zero trust, all users, even those inside the corporate network, need to be authenticated, authorized, and constantly validated, before being granted or keeping access to applications and data. This approach leverages technologies such as multifactor authentication (MFA), identity and access management (IAM), and end-point security. Read more about MFA.
To achieve success with zero-trust, companies must constantly monitor and validate that a user and their devices have the right privileges and characteristics. The enforcement of zero-trust relies on real-time visibility into user attributes such as:
- User identity and user logins
- Type of end-point hardware
- Version of firmware and operating system
- Level of patching
- Applications installed
- Vulnerabilities and incident detections
Why Zero Trust?
With zero trust, you have an effective way of controlling access to networks, applications, and data. It combines a wide range of preventative techniques that include:
- Identity verification
- End point security
- Micro-segmentations (way to create secure zones)
- Least privilege controls (minimum access levels)
This additional security is vital in today’s remote world, as companies increase their end points, users and expand their infrastructure to cloud-based apps and servers. These trends make it difficult to establish, monitor and maintain secure perimeters.
If you are committed to deploying a Zero Trust model, or even if you're just considering it, here are 8 tips to Enabling Trusted Security.
Want to read more about The Threats Your Company should be on the lookout for? Check out our blog.