Guide to Zero Trust Security

by | Jul 25, 2022 | Cybersecurity

Until recently, cities were built with strong defenses to protect against intruders; they were surrounded by a tall, thick stone wall with gates that could be securely locked. The townspeople inside the walls were trusted. Strangers outside who requested entry were challenged to show cause to admit them.

That same defensive model was applied to information security. The corporate network perimeter was fortified. Users inside the perimeter—employees, along with trusted vendors and partners—were readily granted access to resources. Security tools focused on detecting unauthorized attempts to breach the perimeter.

This traditional perimeter-based security model no longer adequately addresses cybersecurity challenges for several reasons:

1. Perimeters aren’t well defined

Cloud computing and “bring your own device” mobile policies make it difficult to distinguish between the “us” we trust and the “them” we’re wary of. Data constantly moves between systems and users in different locations, and trusted users may use untrusted devices. In addition, cloud, distributed, and mobile computing models significantly increase the number of endpoints, making it more difficult to apply security controls consistently across the network.

2. Trusted partners may be compromised

Assessing a partner as trusted only once and granting access privileges in perpetuity makes businesses vulnerable to threats from those partners. The SolarWinds Sunburst supply chain attack in late 2020 proved that: businesses trusted that downloads from their vendor’s site were safe, but in fact the SolarWinds downloads had been corrupted by malware. More than 30,000 organizations were placed at risk.

3. Employees endanger assets, either deliberately or accidentally

Trusting employees in perpetuity also makes businesses vulnerable. Employees with a grudge, with motivation to steal intellectual property, or simply with a propensity to make errors, can all put business data at risk. In addition, security incidents that expose login ids and passwords are common. Verizon’s Data Breach Investigations Report found that more than 80% of attacks relied on misused credentials or network privileges. Current information security models, including use of virtual private networks, mean that once a malicious user has used credentials to breach the network, they’re likely to have significant access to all the resources inside the so-called perimeter or trust zone.

Get the Full Guide: Zero Trust Security

There is no way to harden the perimeter enough to resolve these challenges. Instead, the solution is to recognize that there is no such thing as safety when it comes to information security and malware. Businesses need to operate in an environment in which each and every request for access by each and every user is examined each and every time.

That results in a Zero Trust approach to information security, and in fact Zero Trust security is now the cybersecurity solution recommended by the federal government. In addition to segmenting networks and restricting user permissions, Zero Trust means access privileges are never granted on an ongoing basis; each and every request is evaluated and assessed for risk each and every time.

In this Zero Trust Security guide you will learn:

  • Seven principles of zero trust
  • Environments that would benefit most from a zero trust approach
  • How to apply zero trust principles
  • Important layers of zero trust protection
  • Phases involved in a zero trust implementation
  • And more!

Want to learn about the seven principles, the benefits, and how to apply zero trust principles? Download the Definitive Guide to Zero Trust Security here.

Additional Cybersecurity Resources

Top CISO Priorities: Summer 2022

Data Breach Industry Forecast

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

IT executives are invited to register to participate in this exclusive community and receive the latest news and important resources directly to your inbox: