What is Zero Trust? It works on the premise “you trust no one on your network”.
The traditional indicators companies used to decide that someone on the network was safe:
- Were they inside the business?
- Were they operating behind a firewall?
In today’s world, employees work remotely and applications are in the cloud. This makes the traditional ways of securing the network close to impossible.
With Zero Trust, we operate off 5 building blocks:
- Validating the Network is Not Enough
  - Customers, employees and partners access applications from public Wi-Fi on a regular basis; because of this, network validation can no longer distinguish insider from outsider access.
  - Every user, device and application NEEDS to be subject to the same rules.
- Authenticate the User
  - Intelligent authentication is a crucial part of Zero Trust security; the user should have multiple factors to prove they are who they say they are:
    - Password
    - 2FA
    - Fingerprint/Eye Scan
- Authenticate and Validate the Device
  - A valid employee can do work on a “compromised computer/tablet”.
  - To help keep this from happening, valid devices should have identification and/or be certified.
- Authenticate the Application
  - So, the employee and the device have passed authentication; now the application needs to be authenticated.
  - This varies… Verify the OS version through device management; Token Binding
- Authorize the Transaction
  - A central authorization engine MUST decide if this user is allowed to carry out this transaction.
  - The default answer is always NO, unless there is enough information to verify the request is good.
  - This could use a static rule that says “only employees can send corporate email”.
  - You could have a risk score system that decides who can complete which request.
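
The default-deny authorization step from the last building block, as an added example (not code from the original page). The role names, action names, 0-100 risk scale and threshold are assumptions made for illustration.

```python
from dataclasses import dataclass

# Every name, role, action and threshold here is an assumption for this example.
RISK_THRESHOLD = 50  # assumed cut-off on an assumed 0-100 risk scale

# Static rules: action -> roles allowed to perform it. An unlisted action has no rule.
STATIC_RULES = {
    "send_corporate_email": {"employee"},  # "only employees can send corporate email"
    "view_order_status": {"employee", "partner", "customer"},
}

@dataclass(frozen=True)
class Request:
    user_authenticated: bool  # user passed multi-factor authentication
    device_validated: bool    # device is identified and/or certified
    app_authenticated: bool   # application was authenticated
    role: str
    action: str
    risk_score: int           # produced by a hypothetical risk scoring system

def authorize(req: Request) -> tuple[bool, str]:
    """Central decision point. Returns (allowed, reason); every path but the last is NO."""
    if not req.user_authenticated:
        return False, "user not authenticated"
    if not req.device_validated:
        return False, "device not validated"
    if not req.app_authenticated:
        return False, "application not authenticated"
    allowed_roles = STATIC_RULES.get(req.action)
    if allowed_roles is None:
        return False, "no rule for action"  # unknown action: not enough info, so NO
    if req.role not in allowed_roles:
        return False, "role not permitted"
    if not (0 <= req.risk_score <= 100):
        return False, "invalid risk score"  # malformed input fails closed
    if req.risk_score > RISK_THRESHOLD:
        return False, "risk score too high"
    return True, "all checks passed"

if __name__ == "__main__":
    # Constructed sample requests.
    samples = [
        Request(True, True, True, "employee", "send_corporate_email", 10),
        Request(True, True, True, "customer", "send_corporate_email", 10),
        Request(True, False, True, "employee", "send_corporate_email", 10),
        Request(True, True, True, "employee", "send_corporate_email", 90),
    ]
    for s in samples:
        print(s.role, s.action, s.risk_score, "->", authorize(s))
```
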
As you can see, authentication is the #1 priority with Zero Trust. No one is ready to put all their applications on the open internet, but you can start with customer-facing applications.
Humans are the weakest link in the fight against hackers, so start a training process for everyone in the company. You really need to start at the top and train down. If owners/managers are not on board, no one else will be.