This is a complicated hybrid network with multiple vulnerabilities, and you can’t just protect it with a simple firewall the way you would if all your assets were inside the Head Office. Zero trust architectures can help.
Credit: N. Hanacek/NIST
If you’re trying to secure your organization’s computer network from cyberattacks, traditional approaches may not work. Gone are the days when you could keep all your electronic assets inside a single building and construct a firewall between them and the wider internet. Now you have remote workers logging in from distant cities and cloud-based software applications running elsewhere in a data center. You’ve heard that your best bet for protecting all these far-flung assets is to create a zero trust architecture (ZTA), which assumes that no user or device can be trusted, regardless of its location or previous verification.
So how do you start?
Helping answer that question is the goal of newly finalized guidance from the National Institute of Standards and Technology (NIST). Implementing a Zero Trust Architecture (NIST Special Publication (SP) 1800-35) shows you how others have built ZTAs so that you can build your own. Developed through a project at the NIST National Cybersecurity Center of Excellence (NCCoE), the publication offers 19 example implementations of ZTAs built using commercial, off-the-shelf technologies. It also offers results and best practices from the 24 industry collaborators who participated in the project.
“Switching from traditional protection to zero trust requires a lot of changes. You have to understand who’s accessing what resources and why,” said Alper Kerman, a NIST computer scientist and co-author of the publication. “Also, everyone’s network environment ..