Zero Trust is a strategic security initiative that helps prevent data breaches by eliminating the concept of trust within an organization’s network architecture . It is based on something as seemingly simple as the “never trust, always verify” principle.
In this way, Zero Trust is designed to protect modern digital environments by taking advantage of network segmentation, preventing lateral movement, providing threat prevention at the application layer, and simplifying granular control of user access.
Zero Trust is a concept that was designed by John Kindervag when he was Vice President of Forrester Research. The idea came from the realization that traditional security models worked under the assumption that everything within an organization’s network must be trusted. That is something that has certainly become obsolete.
The evidence is growing, and clearer, that it is quite accessible to question the security of a corporate network from within . There are dozens of possibilities to do this, from an insecure Wi-Fi network, a misconfigured device, a trivial password or, perhaps the most compromised point, the possibility of applying social engineering techniques to employees .
A study by Positive Technologies , published in 2018, revealed how vulnerable a company’s own employees are to relatively simple social engineering attacks. They tested more than 3,000 emails in various test attacks, including links to fake phishing sites , attaching (harmless) permissioned files, and other practices in those emails .
Also visit The Email shop to know about best vps hosting uk
They found that 26% of employees clicked on a link to a phishing website, plus about 50% of them and nearly half of them entered their credentials in a fake authentication form. 15% of employees opened a malicious file attached to an email and 12% were willing to communicate with intruders.
That gives us a pretty good idea of how vulnerable a corporate network is when all elements (including employees) are assumed to be 100% reliable. Also visit The Email shop to know about cheap web hosting uk
The “mistrust by default”, this is Zero Trust
The traditional security model, now obsolete, assumes that a user’s identity is not compromised and that all users act responsibly and can be trusted. In contrast, the “zero trust model,” or Zero Trust, recognizes that trust is a primary vulnerability.
Once inside the network, the users (among which we can include the agents of the threat, such as files or links, and the malicious users) have complete freedom of movement in all the “directions” and, thus, access the data, or extract it, since nothing limits it, except the specific permissions of the compromised user.
To establish the Zero Trust model in an organization, it is necessary to do a preliminary analysis and determine, among other things, the “protection surface”. This surface is made up of the most critical and valuable data, assets, applications and services we have. These surfaces are unique within each organization and company, and since it contains only what is most critical to an organization’s operations, the protection surface is much smaller than the attack surface. Also, it is always known.
With it identified, it is necessary to identify how traffic is moving through the organization, understand who the users are, what applications they are using and how they are connecting . That is the only way to determine and enforce a policy that ensures secure access to data.
Once all interdependencies are understood, controls will be established as close to the protected surface as possible, creating a microperimeter around it . This microperimeter also moves with the protected surface, wherever you go.
In this way, zero-trust security implies that no one is trusted by default, inside or outside the network, and that secure verification is required of everyone attempting to access network resources. Also visit The Email shop to know about buy domain name uk