Cyber Security Blog

Blog about ongoing issues and research in cyber security, risk, and solutions.

Advancing Cybersecurity Through Zero-Trust

Thought I would write a short post encouraging you to begin to investigate Zero-Trust. Many, or almost all security and network professionals will agree that firewalls are not adequate in provide the level of security needed to meet the needs of their businesses. Introduced over 10 years ago by Forrester analyst John Kindervag, the concept of Zero-Trust, is a more layered approach to providing cybersecurity.

The concept behind Zero-Trust is trust no one, no device, and no connection. Essentially this means that all connections must meet the requirements for cybersecurity. An example could be that the connecting end-device does not have the latest security updates. In addition, an user who is authenticated could be unauthorized to access a particular dataset.

As you can see, to employ Zero-Trust there is a lot of work to perform to set it up, and potentially, even more work monitoring and managing the system as move forward in time.

Some of the concepts included in Zero-Trust are:

  1. automation of processes for security

  2. encryption

  3. identity access management

  4. mobile device management

  5. multi-factor authentication

  6. additional concepts and requirements

As you can see, this is not a one step implementation of a software package. Furthermore, a number of the Zero-Trust model rely heavily on the use of cloud computing and cloud services.

I recommend that you conduct a web search and read some of the available articles on the web. Be aware of solutions and arguments that are vendor specific, there may well be multiple vendors and multiple ways in which you can implement Zero-Trust in your organization.

Gordon Skelton