Zero Trust: What is it, and what does it mean?
Control, Who, What, Where & When.
The three key principles of Zero Trust:
Never Trust, always verify, continuously monitor.
“It’s not enough to defend the perimeter!”
Once you understand that the ‘bad guys’ are probably already accessing, or have already accessed, your infrastructure, it is clear that your firewall is no longer going to help. A firewall is in place to protect your perimeter, but as we move through digital transformation, organisations must understand that their environments are now perimeterless, and security needs to evolve in the same way.
Zero Trust must be implemented as part of an organisation’s overall digital transformation strategy. If you are thinking of moving to the cloud or are in the process of doing so, now is the time to investigate the Zero Trust model/methodology.
It doesn’t have to be a radical change of technologies; instead, deploying Zero Trust iteratively allows you to take advantage of the tools and technologies you are already using or have implemented as part of your security landscape.
Initially, you need to understand what ‘surface’ you are looking to protect. The ‘attack surface’ is constantly changing, so identify the ‘protect surface’: critical data, including credit card or bank details, Personally Identifiable Information (PII) and intellectual property; applications; assets/devices; and services such as DNS or Active Directory (AD).
Secondly: how does traffic move across your network? Understanding how data, applications, etc. are used and accessed will identify where the controls need to be enforced whilst allowing the business to continue seamlessly.
From here you can start mapping out your Zero Trust architecture.
Start looking at the technology you will need to secure and protect your valuable assets. This includes Next-Generation Firewalls (NGFW), Web Application Firewalls (WAF), Access Controls, Multi-factor Authentication (MFA), Orchestration, Encryption, Identity & Access Management (IAM), and Analytics.
Once the right level of technology is in place, you need to define specific policies to control the following. Who is accessing data? What data are they accessing? Why are they accessing it? Do they have the correct level of permissions? When are they accessing it, as in what time of day, and is it unusual? Where are they accessing from (location, etc.)? And how are they accessing the information?
The final step to Zero Trust is Monitoring.
The above covers the 3 key principles of Zero Trust: Never trust, always verify and continuously monitor.
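The policy questions above (who, what, why, when, where, how) can be expressed as a default-deny check whose every decision is logged for monitoring. The following is an added example, not code from the original article; the rule set, role names, purposes, hours and country codes are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, time

@dataclass(frozen=True)
class Request:        # one access attempt (all sample values are constructed)
    who: str          # authenticated user's role
    what: str         # protect-surface item being requested
    why: str          # declared business purpose
    when: datetime    # time of the request
    where: str        # source country code
    how: str          # access method / device type
    mfa: bool         # did the user pass multi-factor authentication?

# Hypothetical allow-rules, one per protect-surface item.
# Anything without a rule is denied.
POLICY = {
    "cardholder-db": {
        "who": {"payments-analyst"},
        "why": {"refund", "chargeback"},
        "hours": (time(8, 0), time(18, 0)),
        "where": {"GB"},
        "how": {"managed-laptop"},
    },
}

AUDIT_LOG = []  # every decision, allow or deny, is recorded for monitoring

def decide(req: Request) -> tuple[bool, list[str]]:
    """Default deny: allow only when every policy question passes."""
    rule = POLICY.get(req.what)
    if rule is None:
        failed = ["what"]  # not a known protect-surface item
    else:
        start, end = rule["hours"]
        checks = {
            "who": req.who in rule["who"],
            "why": req.why in rule["why"],
            "when": start <= req.when.time() <= end,
            "where": req.where in rule["where"],
            "how": req.how in rule["how"] and req.mfa,
        }
        failed = [name for name, ok in checks.items() if not ok]
    allowed = not failed
    AUDIT_LOG.append((req.when.isoformat(), req.who, req.what, allowed, failed))
    return allowed, failed

# Constructed requests: a normal one, and one at an unusual time and location.
ok_req = Request("payments-analyst", "cardholder-db", "refund",
                 datetime(2024, 3, 4, 10, 30), "GB", "managed-laptop", True)
odd_req = Request("payments-analyst", "cardholder-db", "refund",
                  datetime(2024, 3, 4, 2, 15), "ZZ", "managed-laptop", True)
```

The list of failed questions returned with each denial is what an analyst would review in the audit log to see why access was refused.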
If you have any questions or would like to understand how you can implement Zero Trust, please get in touch.
We’re here to help you and your business create a secure future for customers, suppliers, and your employees.