Zero Trust Defined
Zero Trust is a security concept that requires all users, even those inside the organization’s enterprise network, to be authenticated, authorized, and continuously validated for security configuration and posture before being granted or keeping access to applications and data.
Instead of assuming everything behind the corporate firewall is safe, the Zero Trust model assumes a breach and verifies each request as though it originates from an open network. Regardless of where the request originates or what resource it accesses, Zero Trust teaches us to “never trust, always verify.” Every access request is fully authenticated, authorized, and encrypted before granting access.
Your computer network is only as secure as its weakest link. The Zero Trust model says trust no one, inside or out.
The first basic principle of Zero Trust is to authenticate and verify access to all resources. Each time a user accesses a file share, application, or cloud storage device, we re-authenticate that user’s access to the resource in question. The assumption is every attempt at access on your network is a threat until confirmed otherwise, regardless of the location of access or hosting model.
However, Zero Trust can only be successful if organizations are able to continuously monitor and validate that a user and his or her device have the right privileges and attributes. One-time validation simply won’t suffice, because threats and user attributes are all subject to change.
As a result, organizations must ensure that all access requests are continuously vetted before allowing a connection to any network or cloud asset. That’s why enforcement of Zero Trust policies relies heavily on real-time visibility into user attributes such as:
endpoint hardware type
operating system versions
security or incident detections
In addition, the organization should thoroughly assess its network structure and access privileges to contain potential attacks and minimize the impact if a breach should occur.
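The per-request checks described above, as an added example that is not part of the original article: a small policy decision function that is re-run on every access and evaluates the three attributes listed (endpoint hardware type, operating system version, open detections). All names, thresholds, and sample values are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed policy values (assumptions for illustration, not from the article).
ALLOWED_HARDWARE = {"corp-laptop", "corp-phone"}
MIN_OS_VERSION = {"windows": (10, 0, 19045), "macos": (14, 0)}
MAX_POSTURE_AGE = timedelta(minutes=5)          # older attribute data is not trusted
ENTITLEMENTS = {"alice": {"finance-share"}}     # least privilege: user -> resources

@dataclass
class AccessRequest:
    user: str
    authenticated: bool        # identity verified for this specific request
    resource: str
    hardware_type: str
    os_name: str
    os_version: tuple
    active_detections: list    # open security or incident detections on the endpoint
    posture_time: datetime     # when the endpoint attributes were collected
    source_network: str = "internal"   # recorded, but never used to grant trust

def decide(req: AccessRequest, now: datetime) -> tuple:
    """Evaluate one request; call this on every access, not once per session."""
    if not req.authenticated:
        return False, "unauthenticated"
    if req.resource not in ENTITLEMENTS.get(req.user, set()):
        return False, "not authorized for resource"
    if now - req.posture_time > MAX_POSTURE_AGE:
        return False, "stale posture data"
    if req.hardware_type not in ALLOWED_HARDWARE:
        return False, "hardware type not allowed"
    minimum = MIN_OS_VERSION.get(req.os_name)
    if minimum is None or req.os_version < minimum:
        return False, "operating system below minimum"
    if req.active_detections:
        return False, "open detection on endpoint"
    return True, "allow"

def demo():
    """Same user and device, two requests; a detection appears between them."""
    t0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)   # constructed timestamp
    req = AccessRequest("alice", True, "finance-share", "corp-laptop",
                        "windows", (10, 0, 19045), [], posture_time=t0)
    first = decide(req, t0)
    req.active_detections.append("constructed-malware-alert")
    req.posture_time = t0 + timedelta(minutes=1)
    second = decide(req, req.posture_time)
    return first, second
```

The second call in `demo()` is denied even though the user, device, and resource are unchanged, which is the case one-time validation would miss.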
Why is Zero Trust important?
Zero Trust is one of the most effective ways for organizations to control access to their networks, applications, and data. It combines a wide range of preventative techniques, including identity verification, micro-segmentation, endpoint security, network monitoring, and least privilege controls, to deter would-be attackers and limit their access in the event of a breach.
This added layer of security is critical as companies increase the number of endpoints within their network and expand their infrastructure to include cloud-based applications and servers. Both of these trends make it more difficult to establish, monitor, and maintain secure perimeters. Furthermore, a borderless security strategy is especially important for those organizations that have a global workforce and offer employees the ability to work remotely.
Finally, by segmenting the network and restricting user access, Zero Trust security helps the organization contain breaches and minimize potential damage. This is an important security measure as some of the most sophisticated attacks are orchestrated by internal users.
Cyberthreats are prolific and continuously adapting — we are in a cyber arms race where combatants have a broad threat surface to play with and no shortage of tactics to do damage. “Trust but verify” is no longer a valid approach. Moat and castle strategies ignore threats and compromised assets inside the castle. The Zero Trust framework gives you a rigorous approach to defend against and counter today’s escalating risk.