#InfosecurityOnline: The Three Key Elements of Zero-Trust

Speaking during the Infosecurity Online event Manja Kuchel, senior product marketing manager at SolarWinds, outlined the three key elements of an effective zero-trust approach to security within organizations.

The first is risk assessment, Kuchel said, which involves defining where your sensitive data is located and who should have access to what.

“This is something that no tool can do for you, because this is an internal ‘home work’ type of process,” she explained. “You really need to sit down and analyze your sensitive data; this can be done on a personal, identity or departmental level, depending on the size of the company or title structure.

“This should bring executive-level managers and IT administration together – this needs to be a cross-company approach.”

Once that has element is established, the next step in the zero-trust process focuses on risk management, explained Kuchel. This includes defining access rights, taking into account identities and profiles, the types of resources being accessed and levels of access privilege.

“There are various tools that can help here – but the aim is to manage your risk situation and look into what you can do to limit access rights and limit access to information.”

The third and final step centers around risk containment: detecting, monitoring and responding to incidents.

“You should detect unusual security events; whenever something is happening, a user plugging in a USB stick that is against company policy [for example], you and the user should be alerted. Administrators should then be able to respond to such ..

Support the originator by clicking the read the rest link below.