What is zero trust? "Zero Trust is an information security framework which states that organizations should not trust any entity inside or outside of their perimeter at any time. It provides the visibility and IT controls needed to secure, manage and monitor every device, user, app and network being used to access business data. It also involves on-device detection and remediation of threats." ~Wikipedia
Well, that certainly lays out a negative narrative. Let’s break it down a bit and examine the reasons why we need to be so cynical and defensive.
… should not trust any entity inside or outside of their perimeter at any time
We are well aware of the outside threats: malware, ransomware, denial-of-service attacks and social engineering. So we put defenses in place like firewalls and anti-virus. Controls are in place for network segmentation, and remote access is restricted. Access to network resources is granted at different levels based on the need to know. All of this helps protect the organization from insider threats as well. Patching, firmware updates and backups are timely and regular. We conduct training for our employees to educate them about phishing and other social engineering ploys.
… provides the visibility and IT controls needed to secure, manage and monitor every device, user, app and network being used to access business data
Do you have all the tools necessary to monitor your network activity? Make use of all that you can, and enable logging. By regularly checking your bandwidth usage and monitoring user and device access, you can quickly catch irregular activity. Take advantage of automated alerts. Stay current on employees who have left the organization so that you can quickly disable their access to resources.
… involves on device detection and remediation of threats
Does your anti-virus alert you to an infection on one of your network devices? Do you enable intrusion detection on your firewall? What about failed login attempts? Do you have the ability to auto-wipe a device should it become lost or stolen? Automating these types of alerts can help you stay up to date on network activity.
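As an added illustration of the failed-login alerting mentioned above (example code written for this post, not part of the original or of any product), here is a small detector that reads sshd-style auth log lines and raises an alert when one user/source pair accumulates too many failures inside a sliding time window; the log lines, threshold and window are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in a common sshd-style format (not from any real system).
SAMPLE_LOG = """\
2024-05-01T09:00:01Z sshd[811]: Failed password for alice from 10.0.0.5 port 51022 ssh2
2024-05-01T09:00:03Z sshd[811]: Failed password for alice from 10.0.0.5 port 51023 ssh2
2024-05-01T09:00:04Z sshd[811]: Failed password for alice from 10.0.0.5 port 51024 ssh2
2024-05-01T09:00:06Z sshd[811]: Failed password for alice from 10.0.0.5 port 51025 ssh2
2024-05-01T09:00:07Z sshd[811]: Failed password for alice from 10.0.0.5 port 51026 ssh2
2024-05-01T09:00:09Z sshd[812]: Accepted password for alice from 10.0.0.5 port 51027 ssh2
2024-05-01T09:10:00Z sshd[813]: Failed password for bob from 10.0.0.7 port 40001 ssh2
2024-05-01T09:30:00Z sshd[814]: Failed password for bob from 10.0.0.7 port 40002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def parse_auth_line(line):
    """Return (timestamp, outcome, user, src), or None if the line is not an auth event."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ts, m["outcome"], m["user"], m["src"]

def failed_login_alerts(log_text, threshold=5, window_seconds=60):
    """Alert when one (user, src) pair reaches `threshold` failures within `window_seconds`.
    Each burst produces one alert; the counter resets after alerting or after a success."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(list)   # (user, src) -> timestamps of recent failures
    alerts = []
    for line in log_text.splitlines():
        event = parse_auth_line(line)
        if event is None:
            continue
        ts, outcome, user, src = event
        key = (user, src)
        if outcome == "Accepted":
            recent.pop(key, None)   # a success clears the failure counter for that pair
            continue
        # Sliding window: drop failures older than `window` before counting this one.
        recent[key] = [t for t in recent[key] if ts - t <= window] + [ts]
        if len(recent[key]) >= threshold:
            alerts.append({"user": user, "src": src, "count": len(recent[key]), "at": ts.isoformat()})
            recent[key] = []   # reset so one burst yields exactly one alert
    return alerts
```

A success that immediately follows a burst (as in the alice lines) is exactly the kind of event a zero-trust review should look at, so in practice the alert would be forwarded rather than only collected.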
More organizations are utilizing cloud services, which means that users are accessing data from various locations and devices. More safeguards are necessary. Here are some considerations:
- Two-factor or multi-factor authentication (2FA/MFA)
- Segmentation and access permissions (micro-segmentation)
Zero trust simply means that everything and everyone must be verified before being trusted to connect to the organization's systems. Our ever-changing environment of hacks and breaches calls for a new level of vigilance.