Zero trust is an evolution of the concept of security beyond the borders or firewalls first proposed by the Jericho Forum.
Forrester Research analyst John Kindervag took this concept further. Kindervag understands that, given the tendency of security trends, it makes sense to extend security beyond the edge of corporate defenses.
He devised a term to describe the main problem: the elimination of trust relationships in computer systems. When you remove the inherent, default, and installed trust, you will get a better security paradigm. Zero trust was born.
Today, zero trust is a dominant security strategy; it is being adopted globally. In most cases, Zero Trust brings the control panel closer to the protected assets and tries to strictly direct access and privileges, which is the objective arbiter of trust in most systems.
In other words, zero trust is almost always a reversal of the old security paradigm that relies on high security walls and grants excessively loose access permissions. Instead, Zero Trust views, verifies, and enables every request and movement within the system as needed.
Why is visit so important?
Think for a moment like an opponent or hacker. Successful hackers know that they get the most benefit when they access an infected system as a user. The golden ticket here is to obtain credentials, access rights, passwords, user accounts and permissions. In fact, one of the most commonly used hacking tools is called the “golden ticket.” Have you heard of Mimikatz? If you haven’t, please check it out.
Unverified or compromised access is what the opponent wants-it provides them with the key to the kingdom. A good username and password are just what you need. From a strategic point of view, it makes sense to eliminate what bad guys want to use the most.
Use zero trust strategy principles to manage access control
A long-standing creed of zero trust is that everything will be compromised unless it is proved otherwise. At some point, for some reason, the asset or entity will be ejected-period.
Therefore, we must limit their ability to move laterally in the damaged system. If we can allow hackers to “stay” on the hacker’s machine or bind to a user account with limited permissions, we can mitigate the attack by isolating the hacked machine or user from the rest of the network.
Apply zero trust access in the cloud system
Data and trends tell us that the cloud is the future of enterprises and businesses. The cloud infrastructure approach has huge advantages; it also has huge potential compromise paths. As cloud data storage and repositories grow, more data is available for attackers to target and destroy.
Vendors and third parties often access enterprise cloud systems with little (if any) visibility and control, and bring their own security vulnerabilities. This is equivalent to someone walking into your house in dirty shoes-they may not want to have mud all over your clean floor, but when they take off their shoes, it is too late and you leave to clean up the mess.
Use access management to develop a zero-trust infrastructure
Think big. From the little things. And move quickly. This should be the mantra for enabling zero trust for your system.
Think big. Consider the problem you are facing and everything you need to solve it from a grand strategy level. If you are solving access management and cloud security issues, put these issues first when you strategically enable zero trust.
From the little things. Highly focused on what to do first. Don’t start an access management project with 500 users; start at 25. Or just 5. Do the little things right, get as close as possible to perfection, and then make progress.
And quickly expand. This is where the beauty of technology shines. Many vendors can provide the technology you need to run quickly and at scale in the cloud. Use their solutions to expand your work, optimize your budget, and manipulate resources as you expand. Remember: do the little things right. Then, you can quickly expand and leverage supplier solutions to advance a zero-trust strategy in accordance with your business needs.
Once an enterprise deals with access management, it usually resolves isolation and segmentation at the micro level. Small and medium-sized enterprises usually try to solve the boundary problems of device state management and software definition first, because they directly affect users and are easier to solve.
The final stage of most zero-trust evolution involves data security. Data is the shortest and most ethereal asset created by an enterprise. Trying to lock down such dynamic assets before solving the access management problem of defining how and who accesses the data is similar to putting a cart in front of a horse.
Finally, we must remember the opponent, the hacker. The hacker wants you to be ignorant of what is happening in the system. They are chasing golden tickets. If you do not control your access and privileges, you are actually giving it to them.
