Few people would seriously dispute the advantages of a zero-trust security model, particularly in a fast-changing cloud environment with business being conducted by a dispersed workforce using a wide variety of devices. The question is how best to approach zero trust. While there is still no specific definition or standard for a zero-trust model, two primary approaches have emerged: one taking a network-centric approach, the other a data-centric approach. The latter is the better choice.
Zero trust has gained a lot of ground since the term was coined by a Forrester Research analyst in 2010 (though its foundations go further back to ideas that percolated out of the Open Group's Jericho Forum). Google helped popularize the approach with its BeyondCorp framework, but it's still mostly a goal for CISOs rather than a widespread practice. No organization has completely implemented a zero-trust model, though organizations clearly recognize the need for it.
With the prevalence of cloud computing and an ever-increasing number of remote workers as well as mobile and Internet of Things devices, enterprises have long since outgrown their network perimeter. Employees work anytime, from anywhere. Organizations share information, sometimes in situations where they must cooperate with their competition. And even if an organization stores its data with a third party in the cloud, that organization is still responsible for securing that data. Add to that a dynamic threat landscape that is constantly growing in speed, scale, and complexity, and the ..
Support the originator by clicking the read the rest link below.
