These days, the concept of the network boundary is much more fluid than it once was. With employees working remotely and in cloud and hybrid environments, and with data breaches growing increasingly sophisticated, security is more important than ever. That security needs to start with who is allowed to access your network and data. This is where the principle of zero trust comes in.
What Is the Principle of Zero Trust?
The principle of zero trust operates under the assumption that no one is to be trusted until their identity is verified and their access authorized. This means that every single request for access is assessed on its own merits, whether it comes from inside or outside the perimeter of the corporate network. This is done to ensure that users are who they say they are and that they have the appropriate permissions to be granted access.
The Fundamental Tenets of the Principle of Zero Trust
The principle of zero trust works only if certain core tenets are adhered to. These assume:
- The network is not secure.
- There are always internal and external threats on the network.
- The location of the network does not have any bearing on whether you can trust it.
- Every user and device must be authenticated.
With this in mind, the default should be to deny access to corporate assets by exercising zero trust in the following:
- Networks – You must view your network in terms of microsegments. In other words, every valuable digital asset your company has should have security perimeters around it. This will allow you to impose access controls at the asset level.
- Workloads – Workloads based in the cloud must have security monitoring and access management in place at a granular level to protect these assets.
- Data – Data security is critical to your company’s overall security. This means identifying valuable and sensitive data caches, mapping data flows and determining adequate access requirements across your IT system, including the workstations, servers, mobile devices, and applications that are connected to the network.
- People – You can no longer rely on access credentials that are only based on usernames and passwords. For zero trust to be effective, you need zero trust network access and multi-factor authentication using passwords, biometric authentication, and token devices.
- Devices – All devices that are connected or try to connect to the network are to be treated as a potential threat. This allows you to determine if a device is a threat so you can isolate it from the network.
To accomplish the above, you will need full visibility into all aspects of your network and security policies. These policies must be based on sound analytics that constantly monitor, log, correlate, and analyze data from across your IT landscape.
In addition, your zero-trust architecture should be integrated into your overall IT architecture and corporate security infrastructure. This will support incident response and recovery that is rapid, automated, and can be scaled as needed.
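The default-deny, per-request evaluation described in the tenets above can be sketched as a small policy decision function. This is an added example, not code from the original article; the asset names, roles, policy fields and function names are all constructed for illustration.

```python
from dataclasses import dataclass, replace

# Constructed policy: each asset is its own microsegment with its own rule.
POLICY = {
    "payroll-db": {"roles": {"finance"}, "min_factors": 2, "managed_device": True},
    "wiki": {"roles": {"finance", "engineering"}, "min_factors": 1, "managed_device": False},
}

@dataclass(frozen=True)
class Request:
    user: str
    roles: frozenset
    identity_verified: bool
    factors: frozenset          # e.g. {"password", "token"}
    device_authenticated: bool
    device_managed: bool
    source_network: str         # logged only; never used to grant access
    asset: str

def decide(req, policy=POLICY):
    """Return (allowed, reason). Anything not explicitly permitted is denied."""
    rule = policy.get(req.asset)
    if rule is None:
        return False, "no policy for asset (default deny)"
    if not req.identity_verified:
        return False, "user identity not verified"
    if not req.device_authenticated:
        return False, "device not authenticated"
    if len(req.factors) < rule["min_factors"]:
        return False, "insufficient authentication factors"
    if rule["managed_device"] and not req.device_managed:
        return False, "unmanaged device"
    if not (req.roles & rule["roles"]):
        return False, "user not authorized for asset"
    return True, "all checks passed"

def audit_line(req, allowed, reason):
    """One log record per decision, so every request can be correlated later."""
    verdict = "ALLOW" if allowed else "DENY"
    return (f"decision={verdict} user={req.user} asset={req.asset} "
            f"net={req.source_network} reason={reason!r}")

if __name__ == "__main__":
    # Constructed sample requests: same user, different network and factors.
    remote = Request("alice", frozenset({"finance"}), True,
                     frozenset({"password", "token"}), True, True,
                     "internet", "payroll-db")
    office = replace(remote, source_network="corporate-lan",
                     factors=frozenset({"password"}))
    for r in (remote, office):
        print(audit_line(r, *decide(r)))
```

The request from the corporate LAN is denied for lacking a second factor, while the fully verified request from the internet is allowed: the source network is logged but has no bearing on the decision.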
Contact Platinum Technologies today to find out how we can help you implement the principle of zero trust to protect your networks.