The concept of Zero Trust (ZT) is primarily a security model but also a mindset. ZT is based on the idea that threat exists everywhere, both inside and outside traditional network boundaries. Essentially, anyone and anything can be a security risk. Hence, by assuming that a breach is inevitable, ZT eliminates the automatic trust given to enterprise users and devices. Instead, users’ and devices’ access to an enterprise’s resources is based on a dynamic policy that attempts to reduce the attack surface by providing access based on the principle-of-least-privileged (PLP). PLP is applied for every access decision, and access is constantly under review, requiring continuous verification through real-time information from various sources that detect anomalies and suspicious activities.
ZT is a data-based security model that relies on different sources of input to make real-time access decisions. In doing so, ZT aims to increase the enterprise’s security posture by improving its ability to address the existing threats. Transitioning to a ZTA is a complex process that requires planning and patience. For optimum efficacy, ZT must be included in most, if not all, aspects of the enterprise’s network and have the support of the entire organization, from c-level executives to entry-level employees and everything in between.
Download White paper