Zero Trust: This concept was coined in 2010 by John Kindervag, a former Forrester Research analyst who is also considered one of the world’s leading cybersecurity experts. basically Guided by the principle «never trust, always verify», the application of this strategy aims to protect modern digital environments with increasingly mobile and connected users.
A zero trust approach allows organizations to make access certainly decisions based on the context of the transaction.
Creating a zero trust architecture requires excellent identity data, contrarily properly assigned rights and a standardized application of authentication.
Why Zero Trust?
Many organizations have taken a decentralized approach to identity and access management, accordingly allowing multiple lines of business to build their own controls. Unfortunately, this leads to duplicate access enforcement systems. Zero Trust takes a more consistent approach across the enterprise, also providing visibility and enforcement of access policies. This means increased security and compliance.
Implementing zero trust is an interdisciplinary exercise spanning identity, firstly access management, and infrastructure security. There is no single technology that can cover all requirements. Access policies can be implemented in access management solutions as well as privileged access tools. Network infrastructure, API gateways, cloud platforms and even within application code.
- Identify policy enforcement points and policy engines for access decisions.
- Understand the information points of the policy.
- Identify implementation patterns.
- Know their data.
- Develop a risk-based roadmap.
Do you want to keep your company safe?
Sources:
- Accenture
- welivesecurity.com