The concept of Zero Trust (ZT) is primarily a security model but also a mindset. ZT is based on the idea that threat exists everywhere, both inside and outside traditional network boundaries. Essentially, anyone and anything can be a security risk. Hence, by assuming that a breach is inevitable, ZT eliminates the automatic trust given to enterprise users and devices. Instead, users’ and devices’ access to an enterprise’s resources is based on a dynamic policy that attempts to reduce the attack surface by providing access based on the principle-of-least-privileged (PLP). PLP is applied for every access decision, and access is constantly under review, requiring continuous verification through real-time information from various sources that detect anomalies and suspicious activities.
ZT is a data-based security model that relies on different sources of input to make real-time access decisions. In doing so, ZT aims to increase the enterprise’s security posture by improving its ability to address the existing threats. Transitioning to a ZTA is a complex process that requires planning and patience. For optimum efficacy, ZT must be included in most, if not all, aspects of the enterprise’s network and have the support of the entire organization, from c-level executives to entry-level employees and everything in between.
Today’s threat landscape is desperate for Zero Trust
As the world becomes increasingly connected, it also becomes less secure. Today, enterprises benefit from a wealth of devices that assist in operational capabilities. However, while this benefits the enterprise, it also benefits attackers seeking to exploit such devices. The volume of data possessed by organizations has grown exponentially to enable connectivity and has done so in an increasingly mobile environment. Hence, data is no longer tied to a specific location, and it is both endpoints and networks which facilitate remote data access. Endpoints make attractive targets not only because of the data stored on them, but also the network access that they can provide an attacker with. This includes IoT devices which are often used as an attack vector. According to a 2020 report on Zero Trust Endpoint and IoT Security by Cybersecurity Insiders, there is a concern among 61% of organizations regarding endpoints and IoT devices gaining insecure network access and remote access.
Download White paper