“Zero trust" is increasingly being heralded as the ultimate solution for organizational cyber safety and resilience — but what does it really mean, and how can you assess if it has a practical place in your organization's cybersecurity strategy for 2022?
In this post, we'll answer those questions by taking a look at what problems the concept of zero trust is trying to solve, what types of people, process, and technology are necessary for successful zero-trust implementations, and what mindset changes your organization many need to make to be fully ready for this new defender paradigm in the year to come.
What is zero trust?
At the core, the concept of zero trust is just what those two words suggest: every human, endpoint, mobile device, server, network component, network connection, application workload, business process, and flow of data is inherently untrusted. As such, they each must be authenticated and authorized continuously as each transaction is performed, and all actions must be auditable in real time and after the fact. Zero trust is a living system, with all access rules under continuous review and modification, and all allowed transactions under constant re-inspection.
What problems is zero trust trying to solve?
Zero trust aims to finally shatter the mythical concept of “castle and moat" (i.e., assuming individuals and components on the intranet are inherently safe) and fully realize the power of least privilege — the concept that individuals and components should only have the most minimal access necessary to perform a required action. We can see it better through the lens of a practical example, such as one of the most typical ransomware attack scenarios: an attacker gains initial access to a corporate network through ..
Support the originator by clicking the read the rest link below.
