In today’s episode we are highlighting Zero Trust. We are going to discuss what it is and what it isn’t. We are then going to talk about the specific steps to start your journey towards a Zero Trust world. Let’s jump in, my friends!
What is Zero Trust?
Zero Trust is a different thought process and general philosophy around security. It’s a shift from threat-centric security to trust-centric security, which I will explain in a little bit, but first let’s discuss the Zero Trust foundational pillars.
Zero Trust Pillars
There are nine Foundational Pillars:
- Being on a network does not imply access
- Every access to any resource is authorized based on a dynamic evolution of trustworthiness of said resources
- Authorization moves from session based to transaction based
- The network is always assumed to be hostile
- External and internal threats exist at all times
- Every device, application, user, and network flow is authenticated and authorized
- Automation systems are what allow a Zero Trust network to be built and operated
- Policies must be dynamic and calculated from as many sources of data as possible
- All activity is logged
In a Zero Trust world resources include users, devices, applications, data, data flow, workloads, sessions, and transactions.
Embrace Zero Trust
To embrace these nine pillars is to literally change our governance and security models from the last decade, and in some cases even longer. I mentioned threat-centric and trust-centric security at the beginning; now let’s explain what I mean by these terms:
Trusted – Legacy way of doing Security
- Network is trusted
- Threat Centric
- IP Based ACL Control
- Static Policy & limited Segmentation
- Harden Perimeter Security
You literally have an internal “trusted” network and an external “untrusted” network. Think of how we have done firewall rules for years: we have an inside interface that is trusted and an outside interface that is untrusted. This forms our perimeter Trusted Architecture. It’s like a turtle shell that never moves!
Zero Trust – New way of doing security
- Eliminate Network Trust
- Trust-Centric
- Identity Based Access Control
- Dynamic Policy & Segmented Network Access
- Software-Defined Security Perimeter
- Security Visibility and Analytics
Zero Trust creates a perimeter-less security architecture. Now your turtle shell is no longer in one spot but everywhere.
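The contrast above between IP-based ACL control and identity-based, per-transaction authorization, as an added example (not code from the episode or from any product). The addresses, user names, policy table and risk score are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

TRUSTED_NET = ipaddress.ip_network("10.0.0.0/8")  # constructed legacy "inside" range
AUDIT_LOG = []  # every decision is recorded here (pillar: all activity is logged)

@dataclass
class Request:
    src_ip: str
    user: str
    user_authenticated: bool  # identity verified for this transaction
    device_compliant: bool    # device posture verified for this transaction
    resource: str
    action: str
    risk_score: float         # 0.0 benign .. 1.0 hostile, from analytics (assumed signal)

# Hypothetical identity-based policy: (user, resource) -> allowed actions, risk ceiling
POLICY = {("alice", "payroll-db"): {"actions": {"read"}, "max_risk": 0.3}}

def legacy_acl_allows(req):
    """Perimeter model: being on the inside network implies access."""
    return ipaddress.ip_address(req.src_ip) in TRUSTED_NET

def zero_trust_allows(req):
    """Decide per transaction; the source network is never an input."""
    rule = POLICY.get((req.user, req.resource))
    checks = {
        "user_authenticated": req.user_authenticated,
        "device_compliant": req.device_compliant,
        "policy_match": rule is not None and req.action in rule["actions"],
        "risk_ok": rule is not None and req.risk_score <= rule["max_risk"],
    }
    failed = [name for name, ok in checks.items() if not ok]
    AUDIT_LOG.append({"user": req.user, "resource": req.resource,
                      "action": req.action, "allowed": not failed, "failed": failed})
    return not failed

SAMPLES = [  # constructed requests
    Request("10.1.2.3", "mallory", False, False, "payroll-db", "read", 0.9),  # inside, unverified
    Request("203.0.113.5", "alice", True, True, "payroll-db", "read", 0.1),   # outside, verified
    Request("203.0.113.5", "alice", True, True, "payroll-db", "read", 0.6),   # risk rose mid-session
]

def evaluate_samples():
    """Return (legacy_decision, zero_trust_decision) for each sample request."""
    return [(legacy_acl_allows(r), zero_trust_allows(r)) for r in SAMPLES]

if __name__ == "__main__":
    for (legacy, zt), entry in zip(evaluate_samples(), AUDIT_LOG):
        print(f"legacy={legacy!s:5} zero_trust={zt!s:5} failed={entry['failed']}")
```

The third request comes from the same user and device as the second and is still denied, because the decision is recomputed per transaction rather than inherited from an earlier session.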
Zero Trust: Where to start
Below are some basic steps to get you on your way towards a Zero Trust world:
- Authenticate your users, devices, and applications first. Then do it continuously!
- Enable segmentation of your infrastructure at layer 2 (Micro Segmentation)
- Reduce the number of security vendors
- Know your compliance requirements (PCI, HIPAA, etc.)
- Understand and assess your risks (Risk Management)
- Focus on business enablement all of the time
- Leverage existing footprint
Transparency:
This post may contain affiliate links to products or services where I may receive a level of compensation from your actions by following those links. This is seamless to you and does not add any additional cost to the products or services in question. In addition, I do not let any affiliate relationship cloud my judgement or my recommendation of a product or service. My recommendations will always be above reproach. This is my commitment to you Ziglets!