This is the second part of a multi-part series. We encourage you to also read the blog: Zero Trust 101 for SMEs
Zero Trust is a framework for safeguarding infrastructure and data in today’s digital transformation. It specifically addresses current business concerns, such as securing remote workers and hybrid cloud systems and defending against ransomware attacks. While many suppliers have attempted to define Zero Trust on their own, there are a number of industry standards that can help you align your company with Zero Trust.
All users, whether inside or outside the organization’s network, must be verified, authorized and continually checked for security configuration and posture before they are granted access to applications and data, and for as long as they keep it. Zero Trust accepts that there is no traditional network edge; networks can be local, cloud-based, or a blend of the two, with resources and workers located anywhere. Zero Trust is about more than user identity, segmentation, and secure access. It’s a strategy upon which to build a cybersecurity ecosystem, and it can be broken down into three principles:
1. Terminate every connection. This prevents ransomware, malware, and other threats. Any successful Zero Trust solution terminates every connection so that an inline proxy architecture can inspect all communication, including encrypted traffic, in real time, before it reaches its destination.
2. Protect data using granular context-based policies. These policies validate access requests and rights based on context, such as the user’s device, location, content type, identity, and the application in question. Zero Trust policies are adaptive, so user access privileges are constantly reassessed as context changes.
3. Eliminate the attack surface. With a Zero Trust approach, users connect directly only to the apps and resources they need. A direct connection between users and applications prevents lateral movement and keeps infected devices from spreading malware to other resources.
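The context-based, adaptive policy check described in principle 2 can be sketched as a default-deny evaluator that is re-run whenever a session's context changes. This is an added example, not code from the original post or from any vendor; the `Context`, `POLICIES`, `evaluate` and `Session` names and all sample users, apps and locations are constructed for illustration.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Context:
    identity: str         # authenticated user
    device_managed: bool  # device posture signal
    location: str         # country code of the request
    app: str              # application being requested
    content_type: str     # kind of content being accessed

# Constructed sample policies: one rule per application.
POLICIES = [
    {"app": "payroll", "identities": {"alice"}, "locations": {"GB", "IE"},
     "managed_only": True, "content_types": {"report", "payslip"}},
    {"app": "wiki", "identities": {"alice", "bob"}, "locations": None,
     "managed_only": False, "content_types": {"page"}},
]

def evaluate(ctx):
    """Return (allowed, reason). Anything not explicitly allowed is denied."""
    for rule in POLICIES:
        if rule["app"] != ctx.app:
            continue
        if ctx.identity not in rule["identities"]:
            return False, "identity not entitled"
        if rule["managed_only"] and not ctx.device_managed:
            return False, "unmanaged device"
        if rule["locations"] is not None and ctx.location not in rule["locations"]:
            return False, "location not permitted"
        if ctx.content_type not in rule["content_types"]:
            return False, "content type not permitted"
        return True, "all context checks passed"
    return False, "no policy for application"

class Session:
    """Access is reassessed on every context change, not only at login."""
    def __init__(self, ctx):
        self.ctx = ctx
        self.active, self.reason = evaluate(ctx)

    def update(self, **changes):
        # Apply the changed attributes and re-run the full policy check.
        self.ctx = replace(self.ctx, **changes)
        self.active, self.reason = evaluate(self.ctx)
        return self.active
```

A session that was allowed at login loses access as soon as `update()` reports a context that no longer satisfies the rule, and regains it only when the context is compliant again.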