The Pentagon is taking cybersecurity to the next level — and they’re helping organizations of all kinds do the same. Here’s how the U.S. Department of Defense is implementing zero trust and why this matters to all businesses and organizations.
But first, let’s review this zero trust business.
What is Zero Trust?
Zero trust is the most important cybersecurity idea in a generation. But “zero trust” is itself a bit of a misnomer.
It’s not about whether a person or device is trusted. It’s really about no longer using trust or distrust as a test for access. In the perimeter-security past, anyone inside the firewall was assumed to be an authorized user using authorized devices. The zero trust model doesn’t privilege users inside firewalls but instead defaults to no access for each user — to applications, API data, servers and more — unless they can authenticate their devices and themselves each time they connect via dynamic policies that use multifaceted contextual data.
Zero trust demands strong identity and access management systems that minimize effort and inconvenience on the part of users. It calls for the micro-segmentation of networks into smaller zones to contain malicious actors who breach the network. And finally, implementing zero trust is a journey, not a destination, demanding real-time monitoring and threat detection (preferably AI-based) to identify and respond to potential security threats. This can involve the use of security analytics tools, machine learning algorithms and other technologies to identify and respond to potential threats in real-time.
Many people contextualize zero trust as a business enterprise architecture. But the Pentagon’s plans are extremely interesting.
DoD Guidelines and Recommendations
The U.S. Department of D ..
Support the originator by clicking the read the rest link below.
