Zero Trust - A Concept Whose Time has Come...

For many years, the refrain "Trust but Verify" described how most organizations approached cyber security. The basic concept embraced a framework that assumed most people (or systems) would do the right thing and that security operators should be looking for anomalies. The problem is that there are wolves amongst the sheep, and even the well-intended can make mistakes that result in security vulnerabilities and compromises. In a digital global economy, when things go wrong, they go wrong fast (and big). Enter "Zero Trust", a security operating philosophy that requires every user and system to validate themselves as they access digital resources and to continually validate themselves as they engage with these resources. There is NO trust in this environment. In keeping digital infrastructure and resources safe, constant authentication and validation are the order of the day... While an advance in many ways, Zero Trust pushes authentication to the role of gatekeeper in the security stack...

The primary goal of a Zero Trust approach is to shift from “trust, but verify,” a common federal government phrase, to “verify, then trust.” Because there is no implicit trust in any entity, this methodology contends identity and context must be continuously evaluated. Zero Trust also assumes that any environment can be breached at any time and so must be thoroughly re-worked. This reduces risk and increases business agility by eliminating implicit trust and continuously assessing user and device confidence based on identity, adaptive access, and comprehensive analytics.
