This blog was written by a third party author
What is Zero Trust?
Zero Trust is a cybersecurity model with a tenet that any endpoint connecting to a network should not be trusted by default. With Zero Trust, everything and everyone— including users, devices, endpoints —must be properly verified before access to the network is allowed.
The protocols for a Zero Trust network ensure very specific rules are in place to govern the amount of access granted, and are based upon the type of user, location, and other variables. If the security status of any connecting endpoint or user cannot be resolved, the Zero Trust network will deny the connection by default. If the connection can be verified, it will be subject to a restrictive policy for the duration of its network access.
Zero Trust networks operate under the least-privilege principle, in which all programs, processes, devices or users are limited to the minimum privileges required to carry out their functions. Access rights don’t need to be too restrictive; privileges can range from full access to no rights at all, depending on the circumstances.
Think of it like the government or military’s “need-to-know” policy.
It’s essential to make the distinction that Zero Trust is not a technology and more of a holistic approach to network security. However, achieving ZTA in today’s threat landscape does require some form of automation, especially in support of a dynamic policy, authorization and authentication. Automated technology is an essential tool for obtaining access, scanning and assessing threats, adapting to behavior changes, and continually re-evaluating confidence in communications.
Where did Zero Trust begin?
The concept of Zero Trust is largely credited to Forrester Research analyst John Kindervag, wh ..
Support the originator by clicking the read the rest link below.
