The Big News About Zero Trust
The Big News About Zero Trust
Zero Trust brings a new and highly innovative strategy to cyber defense practitioners. The term Zero Trust was first coined in 2009 by Forrester Research and has gained increasing acceptance and adoption across commercial enterprise and government. Forrester’s position was that the notion of treating the internal network as trusted and the external networks as untrusted was flawed. The obvious conclusion was that all networks were to be considered untrusted all of the time.
Stepping back, in context with current events, it all makes sense. The weaknesses within current network architectures and TCP/IP have created the imperative for Zero Trust. Existing perimeter and endpoint defense, layered with other technologies using the classic “defense in depth” strategy, worked well for years. Recently, however, we have seen that perimeter defense based strategies are failing. Now the assumption must be that, at some point, attackers will penetrate the perimeter defenses and gain access to your internal networks. Once inside, attackers are completely free to navigate the networks, identify resources, and watch network traffic.
Zero Trust is the right next step. Zero Trust capabilities can be added in layers to complement and support your existing cybersecurity ecosystem. There is no need to replace or eliminate your existing cybersecurity defenses when implementing a Zero Trust network architecture.
The core principle at the heart of Zero Trust is to not allow any access to network resources, internal IP addresses, or servers until the identity of the user is properly authenticated and their access to the specific assets is authorized. Another key principle of Zero Trust is to only allow a user full access to the bare minimum they need to perform their job or least privilege. Users that seek to go outside of the policy will be stopped from this unauthorized activity. Zero Trust makes the important assumption that the system could be compromised at any time and reduces network visibility accordingly to stop adversaries. Simple but highly impactful.
The Zero Trust ecosystem draws from a wide range of technologies designed to integrate with your existing cyber ecosystem and network defenses to better secure and harden standard TCP/IP networks. Absolutely nothing should be allowed network or resource access until they have proven that they should be trusted. The goal of this empowered cyber ecosystem is to authorize, validate, manage, and enforce the identity of the system and users throughout the network.
Zero Trust strategy works everywhere and can benefit every industry. When implemented correctly, Zero Trust can bring very high value to finance, manufacturing, health care, and government. These sectors have a very large number of the unprotected vulnerabilities in areas such as unpatched software, missing updates, embedded processors, the internet of things (IoT) devices, and mobile devices.
In the financial industry, heavily targeted areas include automated teller machine (ATM) networks, SWIFT financial networks, online banking, and point-of-sale systems; Zero Trust is effective at protecting all of these. In manufacturing, Zero Trust can also protect very complex networks such as those used for industrial control systems and the internet of things (IoT) devices that are found in these networks. In health care, consistently a target of choice for organized crime, Zero Trust becomes essential to protecting medical devices from the multitude of targeted attacks they have been experiencing the past few years.
In summary, Zero Trust brings a new and highly innovative cyber defense strategy for both enterprise and government. Zero Trust enhances your cyber defense posture by adding the necessary technology safeguards to protect your networks from attackers and the malicious insiders already within your networks. Finally, it is important that Zero Trust is compatible with all of your existing investments and enables you to select the right Zero Trust technologies you need to gain the right levels of protection.
Zero Trust brings a new and highly innovative strategy to cyber defense practitioners. The term Zero Trust was first coined in 2009 by Forrester Research and has gained increasing acceptance and adoption across commercial enterprise and government. Forrester’s position was that the notion of treating the internal network as trusted and the external networks as untrusted was flawed. The obvious conclusion was that all networks were to be considered untrusted all of the time.
Stepping back, in context with current events, it all makes sense. The weaknesses within current network architectures and TCP/IP have created the imperative for Zero Trust. Existing perimeter and endpoint defense, layered with other technologies using the classic “defense in depth” strategy, worked well for years. Recently, however, we have seen that perimeter defense based strategies are failing. Now the assumption must be that, at some point, attackers will penetrate the perimeter defenses and gain access to your internal networks. Once inside, attackers are completely free to navigate the networks, identify resources, and watch network traffic.
Zero Trust is the right next step. Zero Trust capabilities can be added in layers to complement and support your existing cybersecurity ecosystem. There is no need to replace or eliminate your existing cybersecurity defenses when implementing a Zero Trust network architecture.
The core principle at the heart of Zero Trust is to not allow any access to network resources, internal IP addresses, or servers until the identity of the user is properly authenticated and their access to the specific assets is authorized. Another key principle of Zero Trust is to only allow a user full access to the bare minimum they need to perform their job or least privilege. Users that seek to go outside of the policy will be stopped from this unauthorized activity. Zero Trust makes the important assumption that the system could be compromised at any time and reduces network visibility accordingly to stop adversaries. Simple but highly impactful.
The Zero Trust ecosystem draws from a wide range of technologies designed to integrate with your existing cyber ecosystem and network defenses to better secure and harden standard TCP/IP networks. Absolutely nothing should be allowed network or resource access until they have proven that they should be trusted. The goal of this empowered cyber ecosystem is to authorize, validate, manage, and enforce the identity of the system and users throughout the network.
Zero Trust strategy works everywhere and can benefit every industry. When implemented correctly, Zero Trust can bring very high value to finance, manufacturing, health care, and government. These sectors have a very large number of the unprotected vulnerabilities in areas such as unpatched software, missing updates, embedded processors, the internet of things (IoT) devices, and mobile devices.
In the financial industry, heavily targeted areas include automated teller machine (ATM) networks, SWIFT financial networks, online banking, and point-of-sale systems; Zero Trust is effective at protecting all of these. In manufacturing, Zero Trust can also protect very complex networks such as those used for industrial control systems and the internet of things (IoT) devices that are found in these networks. In health care, consistently a target of choice for organized crime, Zero Trust becomes essential to protecting medical devices from the multitude of targeted attacks they have been experiencing the past few years.
In summary, Zero Trust brings a new and highly innovative cyber defense strategy for both enterprise and government. Zero Trust enhances your cyber defense posture by adding the necessary technology safeguards to protect your networks from attackers and the malicious insiders already within your networks. Finally, it is important that Zero Trust is compatible with all of your existing investments and enables you to select the right Zero Trust technologies you need to gain the right levels of protection.