Every Zero Trust strategy follows this simple principle: never trust, always verify. Building a Zero Trust architecture prevents cybersecurity attacks and data breaches using protect surfaces. Organizations build many of these protect surfaces around their most valuable data, assets, applications, and services (DAAS), significantly reducing the overall attack surface to better protect their businesses.
These 3 Simple Concepts to Consider with Zero Trust have remained the same since John Kindervag coined the term “zero trust” in 2010. They are:
- Access control
- Logging and inspection
Let’s first explore the concept of trust.
Concept 1: Trust
The “never trust, always verify” concept centers on Kindervag’s claim that removing trust from a network makes it natural to ensure secure access to all DAAS elements, regardless of who creates traffic or where it comes from. Eliminating trust means assuming that all traffic is a threat until it has been verified that it is authorized, inspected, and secured. Kindervag suggests starting with the protect surfaces that need protection and working your way outward.
Concept 2: Access Control
The second concept, access control, should help determine who needs access to a specific resource to do their job. Many organizations give too many users access to sensitive data instead of implementing the Principle of Least Privilege. This principle states that a user should only be granted access to those privileges necessary to complete a task. If they don’t need access, they shouldn’t be given access.
In a Zero Trust architecture, a user asserts their identity and will then be granted access to a particular resource based on that assertion. They’re restricted to the resources they need to perform their job only. Kindervag suggests using the Kipling Method to create easily understandable access policies.
Concept 3: Logging and Inspection
The third concept dives into the “always verify” part of zero trust. Instead of inherently trusting users to do the right thing, you must verify they are doing the right thing. You can do this by logging and inspecting all traffic coming to and from protect surfaces for malicious content and unauthorized activity (through Layer 7).
Instead of taking a reactive approach, logging and inspection in a Zero Trust environment is proactive, acting as a foundation for real-time protection and ensuring you deploy all your protect surface policies correctly.
Ready to Deploy Zero Trust?
Are you ready to implement a Zero Trust environment in your organization? We work with partners like On2It to walk through these three concepts, the Kipling Method, and implementation to ensure your business is as secure as possible. So, if you’re ready to move to a Zero Trust architecture, contact us today to get started.