Most CSOs today will tell you, the concept of Zero Trust is an important cornerstone of their data security strategies. In the last few years, the idea has gained popularity – for good reason. With the number of data records being stolen each year now numbering in the billions, it’s time to re-evaluate our approach. There are important benefits to Zero Trust – starting with the baseline assumption that flips conventional wisdom on its head and demands continuous authentication before access to data is ever granted, with each and every step.
Historically, we’ve put networks, devices, data, apps and users in a ‘trust’ relationship. For example: this is Sarah’s machine. It runs these apps and she and the machine has access to this data. In this environment, these relationships are trusted, with little verification after it’s first granted. That automatic trust is often where cyber criminals find their way to their prize.
Read our tutorial: What You Need to Know About Zero Trust
So rather than assume trust, consider it a vulnerability.
Trust is a Vulnerability
With a mass exodus from corporate data centers to cloud-based everything, network perimeters are all but extinct. Countless mobile devices, reliance on a distributed workforce and other remote work trends have widened the threat landscape and pushed traditional security approaches to their breaking point.
The idea of not trusting all of those exploited apps, missing devices and unsuspecting users makes a lot of sense. Continuous verification helps keep the bad guys out certainly, and it brings 3 additional benefits to the organizations who employ it:
- Improved Intelligence: When you’re continually authenticating identity and access, these ‘security checkpoints’ produce valuable intelligence for security teams. Far beyond a log of who is doing what, these events also establish regular connections with IT and provide administrator insight into how well the security tools are working.
- Faster Containment: Zero trust is often bundled with an architectural shift toward segmentation. With partitions in place, containment is easier and faster because you’re able to ‘trap’ threats within an individual segment and foreclose the opportunity for the threat to advance.
- Better Performance: With fewer hosts and endpoints within each segment, system traffic is more easily modulated from one segment to the next. By segmenting, you use fewer resources and those resources are less likely to be overwhelmed.
Zero Trust Starts with Asset Intelligence
The foundation to Zero Trust is Asset Intelligence. Without knowledge of your data, devices, users, and apps, there’s no way to know what needs verifying. Absolute is embedded in your device’s firmware at the factory. This digital tether creates an unbreakable grip on every device and streams asset intelligence into a single cloud-based console – giving you absolute visibility, control and resilience.
If you would like more information on Zero Trust, watch the next episode of our Cybersecurity Insights video below. And while you’re at it, watch and subscribe to our full Cybersecurity Insights video series on YouTube.
Imagine walking through an airport and having to validate your trustworthiness with every stride. That’s zero trust!
But trust has to be earned, verified. And that’s where things get tricky.
For decades, we put networks, devices, data, apps, and users into a ‘trust’ relationship, but without much verification. Introduced by John Kindervag, in 2010…zero trust has become a touchstone for those who demand cyber resilience and persistent security.
You know the mantra ‘trust is a vulnerability’? Well, it comes with three benefits:
- Improved Intelligence
- Faster Containment, and…
- Better Performance
First, zero trust gives IT and security teams the INTELLIGENCE they need by monitoring how access is granted (or denied)…in every pocket of the environment.
With more ‘security checkpoints’ comes validation events, when you have more validation events, you get better models for how security controls are working.
Second…faster CONTAINMENT. Zero trust is often bundled with an architectural shift toward segmentation.
With partitions, containment is easier and faster because we’re able to ‘trap’ threats within an individual segment and foreclose the opportunity for the threat to advance.
And 3: Better PERFORMANCE
With fewer hosts and endpoints per segment, system traffic is more easily modulated from one segment to the next. By segmenting, we use fewer resources and those resources are less likely to be overwhelmed – giving us ‘better performance’.
Asset INTELLIGENCE is the foundation of zero trust; without knowledge of data, devices, users, and apps, there’s no way to know what needs verifying.
If PERSISTENT security is the goal, zero trust is one of the most effective ways to get there.
Trust IS a vulnerability, get rid of it! And enjoy cyber RESILIENCE.
Remember to like, subscribe, and share (oh, and comments below are always a good way to keep the conversation going). I’ll see you next time!