What is Zero Trust Cybersecurity?
Confusion about what Zero Trust Cybersecurity is makes it harder to implement.
At its core, Zero Trust is a concept and shift in how organizations approach the idea of security and data privacy.
It’s not one product or piece of software, rather an approach that assumes breach and secures your organization by requiring users prove they are who they say they are and be granted gated access accordingly.
As explained in a recent article from WIRED, “What is Zero Trust” the approach eliminates the old moat & castle networking model and instead of trusting particular devices and assuming what’s inside your walls are safe, a Zero Trust methodology uses verification, network segmentation and least privilege to protect the enterprise.
Under the old model, all the computers, servers, and other devices physically in an office building were on the same network and trusted each other. Your work computer could connect to the printer on your floor or find team documents on a shared server. Tools like firewalls and antivirus were set up to view anything outside the organization as bad;everything inside the network didn't merit much scrutiny.
However, the explosion of mobile devices, cloud services,and remote/hybrid work have radically challenged those assumptions. Organizations can't physically control every device its employees use anymore. And even if they could, once an attacker slipped by perimeter defenses, the network would instantly grant them a lot of trust and freedom. “Outside bad, inside good.”
“Zero Trust is a concept, not an action.”
- Ken Westin, Security Researcher
Instead of trusting particular devices or connections from certain places, Zero Trust demands that people prove they are who they claim and should therefore be granted access. Typically, that means logging into a corporate account with biometrics or a hardware security key in addition to usernames and passwords to make it harder for attackers to impersonate users. And even once someone gets through, it's on a need-to-know or need-to-access basis. If you don't invoice contractors as part of your job, your corporate account shouldn't tie into the billing platform.
Zero Trust isn't a single piece of software you can install or a box you can check, but a philosophy, a set of concepts, a mantra,a mindset.
You still must implement things like device and software inventory, network segmentation, access controls.
Confusion about the real meaning and purpose of Zero Trust makes it harder for people to implement the ideas in practice. Proponents are largely in agreement about the overall goals and purpose behind the phrase, but busy executives or IT admins with other things to worry about can easily be led astray and end up implementing security protections that simply reinforce old approaches rather than ushering in something new.
Here at OWG, we work with our partner clients and help them engineer a true Zero Trust methodology throughout their IT ecosystem. If you have questions or would like to see if we can help your organization better protect its most critical data, email email@example.com or click here to set a time to speak.
Portions of this post were originally published at WIRED on September 14, 2021 www.wired.com/story/what-is-zero-trust/
More from the author
A Business Case for Zero Trust Cybersecurity
The medical community has always been at the front of the line when it came to technology integration. Now, as attacks on the healthcare industry explode, executive leadership, board members, doctors and practice administrators wonder what they can do differently. The answer - trust no one, ever! Here's how...
Next Gen Cloud for Midsize Accounting
Accounting firms are relatively conservative when considering a move to the Cloud. But with a hybrid workforce now a necessity, here’s how we helped one firm make the jump.
It’s Cyber Awareness Month… So!?
We believe cybersecurity (and business technology overall) are factors of an organization’s culture. As such, we recognize the importance of building awareness through communications, events and month-long campaigns that serve to remind, educate, and inspire us to take action.
What is Zero Trust Cybersecurity?
Instead of trusting particular devices or connections from certain places, zero trust demands that people prove they are who they claim.
Overwatch Group has evolved into a visionary technology consultingpractice that serves as a trusted partner to hundreds of leading organizations. We felt that it was finally time for our identity to reflect our mission,values, and vision for the future.
Amazon Sidewalk: Why and how to disable it
As the development of connected devices accelerates, big tech is facing a small problem. What happens when these devices lose their Wi-Fi connection and stop working properly? Things like pet locators, Ring Doorbells, security cameras, floodlights, your Alexa/smart speaker, and more. Their solution – Amazon Sidewalk. Here's why and how to disable the function immediately.