Zero Trust Explained
Zero Trust is a security model developed, and a term coined, by John Kindervag, former vice president of Forrester Research. Kindervag noticed that existing security models had flaws and weaknesses because they operate on the assumption that an organization’s network is composed entirely of trustworthy devices, users, and pieces of software. This assumption of trustworthiness is the foundation of a lot of existing security networks. It does not consider the prospect of a user having their identity compromised or acting with dishonest intentions.
Zero Trust was designed to help prevent security and data breaches by removing this inherent trust in all devices and users within an organization’s network. Zero Trust networks use granular access controls to verify each individual user and device before granting them access to specific areas of the network or pieces of data.
How Does Zero Trust Work?
Designing and operating a Zero Trust network first requires the identification of a “protect surface” – which consists of a network’s most valuable DAAS (data, applications, assets, and services). The next step is to identify traffic movement within your organization – such as the identity of each user, which applications they use, what data they access, and what they communicate across the network and how. Creating a visual map of traffic flows is a common way of doing this. This can be a complicated procedure.
Once the traffic has been identified, the next step is to create a microperimeter around the protect surface. A microperimeter can consist of an advanced firewall – or segmentation gateway in more technical terms – that only allows traffic from applications and users that have been verified as legitimate. A Zero Trust model may incorporate multiple pieces of software, and there are many software applications available to help create a Zero Trust network.
Most organizations that use a Zero Trust network design a Zero Trust Policy, which is individual to each organization and is used to designate the specific rules of the microperimeter. A Zero Trust network should be continuously maintained and checked for potential security weaknesses, and a Zero Trust policy may change and develop over time in response to events.
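The steps above (protect surface, traffic map, microperimeter, policy), shown as an added example that is not part of the original article: a default-deny decision of the kind a segmentation gateway applies, replayed over a mapped set of traffic flows to see what the policy would block. All user, application, and resource names are constructed, and the two verification flags are assumed to be set by upstream identity and device checks.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    user: str
    application: str
    resource: str          # the DAAS item being requested
    user_verified: bool    # assumption: set by an upstream identity check
    device_verified: bool  # assumption: set by an upstream device check
    source: str            # "internal" or "remote"; recorded, never trusted

# Constructed protect surface and Zero Trust policy (illustrative names only).
PROTECT_SURFACE = {"hr-app", "payroll-db"}
POLICY = {  # (user, application, resource) triples that are explicitly allowed
    ("alice", "hr-client", "hr-app"),
    ("payroll-svc", "payroll-batch", "payroll-db"),
}

def decide(req, policy=POLICY, surface=PROTECT_SURFACE):
    """Return (allowed, reason). Anything not explicitly allowed is denied."""
    if req.resource not in surface:
        return False, "resource is not behind this gateway"
    if not req.user_verified:
        return False, "user not verified"
    if not req.device_verified:
        return False, "device not verified"
    if (req.user, req.application, req.resource) not in policy:
        return False, "no policy rule for this user, application and resource"
    return True, "allowed by policy"

def denied_flows(flows):
    """Replay mapped traffic flows and return the ones the policy would block."""
    results = ((f, decide(f)) for f in flows)
    return [(f, reason) for f, (ok, reason) in results if not ok]

# Constructed traffic-flow map: what was observed on the network.
FLOWS = [
    Request("alice", "hr-client", "hr-app", True, True, "remote"),
    Request("alice", "hr-client", "hr-app", True, False, "internal"),
    Request("bob", "hr-client", "payroll-db", True, True, "internal"),
    Request("payroll-svc", "payroll-batch", "payroll-db", True, True, "internal"),
]

if __name__ == "__main__":
    for flow, reason in denied_flows(FLOWS):
        print(f"DENY {flow.user} -> {flow.resource} from {flow.source}: {reason}")
```

The decision never reads the source field: the remote request from a verified user and device is allowed, while the internal request from an unverified device is denied.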
Reasons to Deploy a Zero Trust Network
Although a Zero Trust network requires careful planning and knowledge to set up, the advantages of doing so are undeniable. With hackers and cybercriminals constantly finding new weaknesses and developing new strategies to attack existing security models, any organization must evolve its security model in response.
In addition to making your security more robust, Zero Trust models also make it easier for verified users and devices to connect to the network regardless of their location. Zero Trust networks are also often built from software that provides greater insight into, and control over, the network’s traffic.