What Exactly Is Zero Trust?
Traditional cybersecurity defenses, although effective, have allowed breaches to occur because of misconfigurations and a lack of integration. This has created the need for an operational philosophy that trusts no user or machine. Zero trust (ZT) is an operational philosophy that combines least privilege with policy and process so that users can access only the resources they require, based on context such as machine, user ID, and time of day.
According to NIST, “A zero trust architecture is designed and deployed with adherence to the following zero trust basic tenets.”
Basic Tenets of Zero Trust
- All data sources and computing services are considered resources.
- When access is granted in a ZTA network, it is the least amount of access required and sessions are kept to a minimal time; no more blanket authorizations. For every resource, the lowest level of access and data must be secured, encrypted, monitored and controlled.
- All communication is secured regardless of network location.
- Access to individual business resources is granted on a per-session basis.
- Access to resources is determined by dynamic policy and may include other behavioral and environmental attributes.
- The enterprise monitors and measures the integrity and security posture of all owned and associated assets.
- All resource authentication and authorization are dynamic and strictly enforced before access is allowed.
- The business collects as much information as possible about the current state of assets, network infrastructure and communications and uses it to improve its security posture.
For a zero trust architecture (ZTA) to be effective, businesses must continuously monitor access and look for indicators that trust should be revoked. This is why it is imperative for businesses to have continuous monitoring and event alerting mechanisms in place to identify potentially unwanted access and connections to their business environments.
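The tenets above can be read as a deny-by-default policy decision made per session and re-checked on every use. The following is an added sketch, not taken from NIST or from any product; the policy table, roles, resource name, 15-minute session lifetime and working-hours rule are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed policy: (role, resource) -> permitted actions (least privilege).
POLICY = {
    ("analyst", "hr-db"): {"read"},
    ("dba", "hr-db"): {"read", "write"},
}
SESSION_TTL = timedelta(minutes=15)  # assumed short session lifetime
WORK_HOURS = range(7, 19)            # assumed rule: 07:00-18:59 in the request's clock

@dataclass
class Request:
    user: str
    role: str
    device_compliant: bool  # posture signal from asset monitoring
    mfa_passed: bool
    resource: str
    action: str
    when: datetime          # network location is deliberately not an input

@dataclass
class Session:
    user: str
    resource: str
    actions: frozenset
    expires: datetime
    revoked: bool = False

def decide(req):
    """Return (Session, 'granted') or (None, reason). Anything not allowed is denied."""
    if req.action not in POLICY.get((req.role, req.resource), set()):
        return None, "action not permitted for role"
    if not req.mfa_passed:
        return None, "user not strongly authenticated"
    if not req.device_compliant:
        return None, "device posture not compliant"
    if req.when.hour not in WORK_HOURS:
        return None, "outside permitted hours"
    # Grant only the requested action, on this one resource, for a short time.
    session = Session(req.user, req.resource, frozenset({req.action}),
                      req.when + SESSION_TTL)
    return session, "granted"

def still_valid(session, action, now, device_compliant):
    """Re-evaluated on every use: revocation, expiry and current device posture."""
    if not device_compliant:
        session.revoked = True  # a monitoring signal revokes trust for good
    return (not session.revoked and now < session.expires
            and action in session.actions)
```

A session that loses device compliance stays revoked even if posture later recovers, so the user must pass a fresh `decide` call to regain access.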
When implementing a ZTA, consider the strategy that fits your business. Based on your needs, we can properly sequence the appropriate tools, training, and services to ensure the strategy is executed well. Contact ACE IT Solutions at 646.558.5575 or firstname.lastname@example.org for questions about deploying a zero trust architecture in your organization.