What is a Zero Trust approach to security?

Share
Zero Trust has become one of cybersecurity’s latest buzzwords and has been coined as one of the emerging cybersecurity trends to watch in 2021.

According to cybersecurity company Palo Alto Networks, it's imperative to understand what a zero trust architecture is in light of the COVID-19 pandemic which has accelerated the journey to Zero Trust platforms.

Palo Alto Networks defines Zero Trust as a strategic initiative that helps prevent successful data breaches by eliminating the concept of trust from an organisation’s network architecture. Rooted in the principle of “never trust, always verify,” Zero Trust is designed to protect modern digital environments by leveraging network segmentation, preventing lateral movement, providing Layer 7 threat prevention, and simplifying granular user-access control.

Zero Trust was created by John Kindervag, during his tenure as a vice president and principal analyst for Forrester Research, based on the realization that traditional security models operate on the outdated assumption that everything inside an organization’s network should be trusted. Under this broken trust model, it is assumed that a user’s identity is not compromised and that all users act responsibly and can be trusted. The Zero Trust model recognizes that trust is a vulnerability. Once on the network, users – including threat actors and malicious insiders – are free to move laterally and access or exfiltrate whatever data they are not limited to. Remember, the point of infiltration of an attack is often not the target location.

According to The Forrester Wave™: Privileged Identity Management, Q4 2018, This trust model continues to be abused credentials.1 Zero Trust is not about making a system trusted, but instead about eliminating trust.

Share

Featured Articles

Dazz: The Firm that Has Wiz Eyeing an Acquisition

Dazz, an lesser-known cybersecurity firm, has unicron Wiz eyeing and Aquisition

Google's Big Sleep: From Concept to Vulnerability Discovery

Researchers from Google Project Zero and DeepMind have uncovered their first real-world vulnerability using a large language model

Why the UK’s Financial Authority Has Issued a Cyber Decree

The UK’s Financial Conduct Authority (FCA) has issued a cyber directive to financial firms following the CrowdStrike IT outage

Sustainability Secured: SolarEdge Devices Cyber Certified

Cyber Security

Kyndryl and AWS: The Cyber Issues Facing the Energy Sector

Cyber Security

Customer Confidence: Hiscox Reveals Growing Cost of Attacks

Cyber Security