Trust is dead, long live zero trust!
Credit to Author: Greg Iddon| Date: Tue, 10 Mar 2020 09:33:09 +0000
Trust is a dangerous word in the information technology field, especially when that trust is implicit – when it’s unqualified or unquestioned.
Creating a large, sealed-off corporate network security perimeter and trusting everything inside of it has proven time and again to be a flawed design. These soft, chewy centers are a hacker’s dream.
Once inside, they’re often invisible, and if the strongest checks are only at the perimeter then moving across the network and accessing important systems becomes trivial.
Whether you like it or not, the perimeter has been eroded. The old “corporate network” model with static defenses is incompatible with the Cloud, transient users, remote working or unknown devices. A paradigm shift is required.
Zero Trust is an emergent philosophy for information security; a mentality for how to think about cybersecurity and how to do cybersecurity.
It is based upon the principle of “trust nothing, verify everything” and focuses on protecting resources regardless of where they are.
Devices in a zero trust model are treated as if they were internet-facing. Each device is protected by a micro perimeter with checks and controls around and between them.
Our Demystifying Zero Trust whitepaper is an honest introduction to this hot new topic and will help you wrap your head around its tenets, its goals, and start you on your journey to your first Zero Trust network.
P.S. Don’t forget to check out NIST’s draft SP 800-207 after you’ve read our whitepaper.