Zero Trust Is The New In-Thing In Cybersecurity
“If I have 20 calls, 17 are about Zero Trust. CISOs, CIOs, and CEOs are all interested, and companies of various sizes are interested.” - Principal analyst at Forrester
Zero Trust Architecture was a model created in 2010 by John Kindervag. As data security has become the need of the hour given the world's current situation, organizations are implementing the Zero Trust framework by the dozen.
Let's learn from Mary K. Pratt as she explains what Zero Trust means. The summary of her article is as follows -
Studies have found that the global average cost of a data breach is $3.62 million and have predicted that cybercrime will cost the world $6 trillion annually by 2021.
Zero Trust is a policy of not trusting anything within or outside an organization and having proper verifications before granting access to its systems. It’s a ‘guilty until proven innocent' policy.
Zero Trust is a sea-change from the current attitude that everything inside an organization didn’t pose a threat and was cleared for access.
Given the rise of the Cloud, not all the applications used by an organization are on-premises, and a lot of them are accessed from the Cloud creating a further need for Zero Trust.
The process of Zero Trust involves identifying a user, ensuring that they’re coming from a secure endpoint, and having a conditional policy stating that the level of access the user has.
Some standard Zero Trust technologies are MFA, IAM, orchestration, analytics, encryption, scoring, and file system permissions.
What We Think?
As cloud adoption increases and critical data storage gets more and more dispersed, CIOs, CIOs, and other IT heads of organizations should embrace a change in mindset quickly and welcome Zero Trust. Once they change their attitude of implicitly trusting what's inside an organization, they can draw out strategies and implement technologies to apply the Zero Trust policy to their organization.
Read the full article here.