Zero Trust presents us with a new paradigm in the way we protect our organizations, our data and our employees, being a security model based on the premise of not trusting anyone blindly within the network, as well as denying access until have been validated and legitimized as authorized. It supports the implementation of least privileged access, which is designed to selectively grant access only and exclusively to those resources that users or groups of users need.
While it is difficult to pinpoint the tipping point, one thing is certain: what was once extraordinarily difficult has become everyday today. Data breaches are no longer extraordinary. In recent years, major companies such as HBO, Uber, Deloitte, HP, Oracle, video game companies and many others have received a large number of targeted attacks and this has shown us that any organization, whether public or private, is susceptible to attacks.
Traditional perimeter security relied on firewalls, VPNs, and gateways to separate trusted zones from untrusted users. But as mobile employees began to access the network through their own account, with their own devices, blurred perimeters began to be created. And like inri, these perimeters practically disappeared with the rise of cloud computing and IoT devices. We could say that we are in that moment, where the benefits of these technologies outweigh the perceived risks.
Implementing a Zero Trust model protects private applications and network assets, while dramatically reducing risks such as malicious internal users and compromised accounts. When designing a Zero Trust strategy for remote access to an environment, this strategy is called Zero Trust Network Access or ZTNA. This offers the following functions:
▸Strong authentication
▸Efficient protection of remote user access
▸Reduction of possible infractions and damages
▸Protection of sensitive data and intellectual property
▸Accelerating a transition to the cloud
▸Security transformation: initiating the replacement of VPNs and adopting software solutions
See also:
Administer and Manage security risks
[…] reads:Zero Trust policies – What is their functionIoT – Also known as Internet of […]