
Authored by Neelesh Kripalani, Chief Technology Officer, Clover Infotech
Today’s organizations need a new security model that adapts effectively to the complexities of the modern environment, embraces the mobile workforce, and protects people, devices, apps, and data irrespective of their location. This is where the Zero Trust model comes in.
Zero Trust is extremely effective in reducing security incidents, as it implements the ‘deny all, allow some’ principle even within a trusted environment.
The original Zero Trust model of cybersecurity was developed by Forrester in 2010, but it was not fully embraced until Google successfully developed and implemented its version of Zero Trust, BeyondCorp, almost six years later. In 2019, Gartner, a global research and advisory firm, listed zero trust security access as a core component of secure access service edge (SASE) solutions.
To trust or not to trust?
In the Zero Trust paradigm, the answer is not to trust anyone. The Zero Trust approach to cybersecurity states that access should only be granted after a user is verified and only to the extent needed to perform a particular task.
“Zero Trust” explained
Zero Trust is a security framework requiring all users, whether inside or outside the organization’s network, to be authenticated, authorized, and continuously validated for security configuration and posture before being granted or keeping access to applications and data. It also requires the ability to enforce granular policy controls based on the results of that health check. Basically, you cut off all access, including access to IP addresses, machines, etc., until the network knows who is trying to connect. This approach depends on visibility into whether basic device and network security standards are met.
Simply put, based on the principle of verified trust (i.e. in order to trust, you must first verify), Zero Trust eliminates the inherent trust that is assumed inside the traditional corporate network.
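The ‘deny all, allow some’ decision described above, sketched as an added example (not code from this article or from any vendor product). The role names, the ledger-db resource, the 15-minute re-verification window and the posture flag are assumptions made for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass

# Constructed policy: (role, resource) -> permitted actions.
# Anything not listed here is denied ("deny all, allow some").
GRANTS = {
    ("finance-analyst", "ledger-db"): {"read"},
    ("dba", "ledger-db"): {"read", "write"},
}
MAX_AUTH_AGE_S = 900  # assumed window before the user must be re-verified


@dataclass
class Request:
    user: str
    role: str
    authenticated: bool     # identity verified for this session
    auth_age_s: int         # seconds since the last verification
    device_compliant: bool  # result of the device posture/health check
    source_ip: str          # logged only; network location grants nothing
    resource: str
    action: str


def decide(req: Request) -> tuple[bool, str]:
    """Return (allowed, reason). Every check must pass; the default is deny."""
    if not req.authenticated:
        return False, "identity not verified"
    if req.auth_age_s > MAX_AUTH_AGE_S:
        return False, "verification expired"  # continuous validation
    if not req.device_compliant:
        return False, "device failed posture check"
    if req.action not in GRANTS.get((req.role, req.resource), set()):
        return False, "no grant for this action"  # least privilege
    return True, "allowed"


if __name__ == "__main__":
    # Constructed requests: an internal address does not help an unverified
    # user, and a verified user still gets only what the task needs.
    samples = [
        Request("alice", "dba", False, 0, True, "10.0.0.5", "ledger-db", "read"),
        Request("bob", "finance-analyst", True, 60, True, "203.0.113.9", "ledger-db", "read"),
        Request("bob", "finance-analyst", True, 60, True, "10.0.0.7", "ledger-db", "write"),
        Request("carol", "dba", True, 60, False, "10.0.0.8", "ledger-db", "write"),
        Request("dave", "dba", True, 3600, True, "10.0.0.9", "ledger-db", "read"),
    ]
    for r in samples:
        print(r.user, r.source_ip, r.action, "->", decide(r))
```

Because `source_ip` never enters the decision, a request from inside the corporate range is treated exactly like one from outside it.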
Benefits of Zero Trust
Why ‘Zero Trust’, you may ask? Without assumed trustworthiness, the network is more secure. If the organization is under cyber-attack, the virus can’t move laterally throughout the network, since that movement is also regulated.
The ‘Zero Trust’ framework entails:
Key technologies for Zero Trust model
What are the core principles of the Zero Trust model?
The principles of ‘Zero Trust’ are built on not inherently trusting users, devices, or networks, and on not granting access to sensitive resources based on any single one of those identity types and its associated attributes.
Challenges of Zero Trust
Wrapping up
Zero Trust is not easy to implement, but it’s achievable. Organizations don’t have to apply all of the Zero Trust principles simultaneously. They can start implementing a Zero Trust architecture with small steps, such as putting proper user verification mechanisms in place and granting users only the privileges they truly need at the moment.
The benefits of implementing a Zero Trust framework go far beyond security. They range from improving visibility to increasing productivity and making better use of IT resources. While it may not be a complete silver bullet, it gives organizations a fair chance to contain security incidents before they become catastrophic breaches.