Comments (4)
-
Kerry Lloyd
Zero Trust security is no longer just a concept. It's finally a reality.
-
Mark Gallagher
Trust no one
-
Kevin Davidson
Excellent - explained in very simple terms.
-
Jack Hawkswell
Perfect explanation
The Zero Trust Model simplifies how information security is conceptualized by assuming there are no longer “trusted” interfaces, applications, traffic, networks, or users.
It takes the old model— “trust but verify”—and inverts it, because recent breaches have proven that when an organization trusts, it doesn’t verify.
This model requires that the following rules be followed:
According to a Forrester Research report, information security professionals should readjust some widely held views on how to combat cyber risks. Security professionals emphasize strengthening the network perimeter, the report states, but evolving threats—such as increasing misuse of employee passwords and targeted attacks—mean executives need to start buffering internal networks. In the zero-trust security model, companies should also analyze employee access and internal network traffic. One major recommendation of the Forrester report is for companies to grant minimal employee access privileges. It also emphasizes the importance of log analysis; another recommendation is for increased use of tools that inspect the actual content, or data “packets,” of internal traffic.
Teams within enterprises, with and without the support of information technology management, are embracing new technologies in the constant quest to improve business and personal effectiveness and efficiency. These technologies include virtualization; cloud computing; converged data, voice, and video networks; Web 2.0 applications; social networking; #smartphones; and tablets. In addition, the percentage of remote and mobile workers in organizations continues to increase and reduce the value of physical perimeter controls.
The primary vector of attackers has shifted from “outside-in” to “inside-out.” Formerly, the primary attack vector was to directly penetrate the enterprise at the network level through open ports and to exploit operating system vulnerabilities. We call this attack methodology “outside-in.” In “inside-out” attacks, the user inside the “protected” network reaching out to an external website can be just as vulnerable as the user accessing the Internet from home.
Just remember: the zero-trust model of information security means “verify and never trust.”
Zero Trust security is no longer just a concept. It's finally a reality.
Trust no one
Excellent - explained in very simple terms.
Perfect explanation
Leave your comments
Post comment as a guest