Zero Trust Security

Image by https://lifars.com/2020/03/zero-trust-security-report-2019/

Identity Security

This focuses on securing individual identities throughout the cycle of accessing critical assets.

Zero Trust Security

This is simply don’t trust anyone.

Verifying

Traditional Castle-and-Moat approach

The traditional belief on allowing access to an entity is that everything already inside the perimeter can be trusted. This relies on trying to separate the bad cops from the good cops and assumes that the good cops can be trusted very well. This approach opens paths for the attackers to onboard systems. Once the attackers gain access inside corporate firewalls, can move through internal systems without much resistance.

Building a Zero-Trust Culture

Implementing zero security is not an overnight task but definitely, it will add more value to the system from a security perspective.

  1. Authenticate

Why Zero Trust Security is important?

Let’s consider a practical example to see why this is important.

Poor Bob :(
  • If bob got only JIT access for a certain period of time
  • If bob got only the required permissions, not the superuser permissions
  • If strong authentication has been implemented
  • If the infrastructure team has not trusted the inner circle employees
  • If the sensitive data has been protected by encrypting/hashing

Challenges of Zero Trust Security

  • Transforming the legacy applications will not be easy and time-consuming. The cost will be a bit higher.
  • Changing the employees' mindset to not trusting anyone will be a challenge.
  • If any ‘Regulations’ which has not yet adopted the Zero Trust model, which means the organizations under compliance may have trouble passing an audit.
  • Not every situation requires the same level of authentication. Therefore it may need to use flexible authentication policies.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store