Zero trust is a security concept where access to systems — both internally and externally — should demand authentication.
With zero-trust architecture, organizations should not automatically trust anything inside or outside their perimeters and instead must verify anything and everything trying to connect to each system before granting access.
Zero-trust is a network architecture designed to cope with the fact that the traditional network perimeter is disappearing and with it, the value of conventional defenses.
What is it?
Key to adopting zero-trust architecture is the notion that inherent trust is removed from the internal network. Simply because people are connected to a network doesn't mean they should be able to access everything on that network.
It’s common in breaches to see an attacker gain access to a network and then move through the rest of the system because everything, from that point on the network, is trusted. If you remove trust from the network, you must gain confidence in your users, devices, and services instead. To achieve this, you must build trust in the users’ identity (through authentication), in device health, and in the services they access (through authorization).
For zero trust to be effective, each person connected to a service is authenticated, and the device, user, and connection authorized against rules and policies. These policies assess the amount of confidence you have in a user and their device, regardless of where the connection request comes from, and grant access to resources accordingly.
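The policy model described above, as an added example that is not part of the original article: a deny-by-default access decision that scores confidence in the user (authentication performed) and the device (management and health state) against per-service thresholds, while the source network is carried in the request only to show that it never influences the result. The service names, confidence scales, thresholds and sample requests are constructed for this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AccessRequest:
    user: str
    auth_factors: frozenset        # e.g. {"password", "mfa"}; empty = unauthenticated
    device_managed: bool           # enrolled in device management
    device_patched: bool           # passes the device health check
    source_network: str            # "corp-lan" or "internet"; deliberately ignored below
    service: str

@dataclass(frozen=True)
class ServicePolicy:
    min_user_confidence: int       # 0 (none), 1 (password), 2 (password + MFA)
    min_device_confidence: int     # 0 (unknown), 1 (managed), 2 (managed + healthy)

# Hypothetical per-service policies, constructed for this example.
POLICIES = {
    "wiki": ServicePolicy(min_user_confidence=1, min_device_confidence=1),
    "hr-payroll": ServicePolicy(min_user_confidence=2, min_device_confidence=2),
}

def user_confidence(req):
    """Confidence in the user's identity, from the authentication performed."""
    if "password" not in req.auth_factors:
        return 0
    return 2 if "mfa" in req.auth_factors else 1

def device_confidence(req):
    """Confidence in the device, from its management and health state."""
    if not req.device_managed:
        return 0
    return 2 if req.device_patched else 1

def decide(req, policies=POLICIES):
    """Return ("allow" | "deny", reason). Network location never raises confidence."""
    policy = policies.get(req.service)
    if policy is None:
        return "deny", f"no policy for {req.service}: default deny"
    u, d = user_confidence(req), device_confidence(req)
    if u < policy.min_user_confidence:
        return "deny", f"user confidence {u} below required {policy.min_user_confidence}"
    if d < policy.min_device_confidence:
        return "deny", f"device confidence {d} below required {policy.min_device_confidence}"
    return "allow", f"user confidence {u} and device confidence {d} satisfy policy"

# Constructed requests: the LAN session is weaker than the one from the internet.
INSIDE = AccessRequest("alice", frozenset({"password"}), False, False, "corp-lan", "hr-payroll")
OUTSIDE = AccessRequest("alice", frozenset({"password", "mfa"}), True, True, "internet", "hr-payroll")
```

Being on the corporate LAN buys `INSIDE` nothing: it is denied, while the fully verified request from the internet is allowed.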
What’s in it for you?
Zero-trust architecture has two chief benefits.
Firstly, if we accept that a breach is a reality most of us have yet to face, limiting that breach’s blast radius to the smallest possible attack surface is vital. This becomes possible once we drop the idea of a strong perimeter and a trusted interior, and as a result you can minimize disruption to your organization.
Secondly, as the world moves to distributed cloud systems and edge computing, the notion of having a perimeter to secure dissolves. Zero-trust architecture provides a mechanism that enables you to operate securely in this new world.
What are the trade-offs?
This is a change in approach that some security professionals feel uncomfortable with. Rather than a policy-making and product selection role, the job now requires software component security knowledge and more complex policy rollout.