Like rust, risk never sleeps. As mobile devices flood the enterprise (especially for a younger generation of workers), the internet of things (IoT) expands, and cybercriminals grow in both numbers and sophistication, many security professionals think zero trust is the safest approach to defending against constantly evolving network and data security threats.
Network vulnerabilities can be found in the most unlikely places. Bloomberg Businessweek, for example, described a case in which an internet port in a hotel room’s motorized, remote-control curtains offered access to the hotel’s internal computer systems. Fortunately, a cybersecurity contractor discovered that particular security gap during an audit, but the lesson rings true: In today’s connected world, unlocked doors, backdoors and trap doors could be almost anywhere.
What Is Zero Trust Security?
The term zero trust was coined in 2013 by analysts at Forrester Research in a report submitted to the National Institute of Standards and Technology (NIST), which had sought input from technology experts as part of a U.S. government cybersecurity initiative. Forrester, citing a new environment in which “changes like mobility and big data have made ‘building stronger walls’ an expensive farce that will not adequately protect networks,” introduced the concept of zero trust, urging organizations to “make security ubiquitous throughout the network, not just at the perimeter.”
Zero trust refers to both a set of practices and a network design philosophy, which “demands that you build security into the DNA of your IT architecture by investing in situational awareness and develo ..