What is Zero Trust? It works on the premise “you trust no one on your network.”

The traditional indicators companies used to decide that someone on the network was safe:

  • Were they inside the business
  • Were they operating behind a firewall

In today’s world, employees work remotely and applications are in the cloud. This makes the traditional ways of securing the network close to impossible.

With Zero Trust we operate off 5 building blocks:

  • Validating the Network is Not Enough
    • Customers/Employees/Partners access applications from public wi-fi on a regular basis; because of this, network validation can no longer distinguish insider from outsider access.
    • Every user, device and application NEEDS to be subject to the same rules
  • Authenticate the User
    • Intelligent authentication is a crucial part of Zero Trust security; the user should have multiple factors to prove they are who they say they are:
      • Password
      • 2FA
      • Fingerprint/Eye Scan
  • Authenticate and Validate the Device
    • A valid employee can do work on a “compromised computer/tablet”
      • To assist in keeping this from happening, the valid devices should have identification and/or be certified.
  • Authenticate the Application
    • So, the employee and the device have passed authentication; now the application needs to be authenticated
      • This varies… Verify the OS version through device management, Token Binding
  • Authorize the Transaction
    • A central authorization engine MUST decide whether this user is allowed to carry out this transaction.
    • The default answer is always NO—unless there is enough info to verify it is good
      • This could use a static rule that says “only employees can send corporate email”
      • You could have a risk score system that decides who can complete which request
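
A minimal sketch of the default-deny authorization step described above, added here as an illustration and not taken from the original post. The policy table, field names, risk weights and thresholds are all assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    role: str                # "employee", "partner", "customer"
    factors: frozenset       # factors actually verified, e.g. {"password", "2fa"}
    device_certified: bool   # device presented a valid identity/certificate
    app_authenticated: bool  # calling application proved its identity
    on_corporate_network: bool
    action: str

# Assumed policy table: action -> (roles allowed, highest risk score accepted).
POLICY = {
    "send_corporate_email": ({"employee"}, 30),  # static rule from the text
    "approve_payment": ({"employee"}, 10),
}

def risk_score(req: Request) -> int:
    """Assumed weights. Network location only adjusts risk; it never grants access."""
    score = 0 if req.on_corporate_network else 20
    score += 0 if "fingerprint" in req.factors else 10
    return score

def authorize(req: Request) -> tuple[bool, str]:
    """Default deny: only the final line returns an allow."""
    rule = POLICY.get(req.action)
    if rule is None:
        return False, "no policy for action"
    roles, max_risk = rule
    if req.role not in roles:
        return False, "role not permitted"
    if len(req.factors) < 2:
        return False, "fewer than two authentication factors"
    if not req.device_certified:
        return False, "device not certified"
    if not req.app_authenticated:
        return False, "application not authenticated"
    score = risk_score(req)
    if score > max_risk:
        return False, f"risk {score} exceeds {max_risk}"
    return True, "allow"

# Constructed sample requests: a remote employee, and an insider on an uncertified device.
REMOTE = Request("employee", frozenset({"password", "2fa"}), True, True, False, "send_corporate_email")
INSIDE_BAD_DEVICE = Request("employee", frozenset({"password", "2fa"}), False, True, True, "send_corporate_email")
```

The remote employee is allowed to send email, while the same employee inside the corporate network on an uncertified device is refused, which is the point of “validating the network is not enough.”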

As you can see, authentication is the #1 priority with Zero Trust. No one is ready to put all their applications on the open internet, but you can start with customer-facing applications.

Humans are the weakest link in the fight against hackers, so start a training process for everyone in the company. You really need to start at the top and train down. If owners/managers are not on board, no one else will be.