Zero trust is a security model/framework in which no identity or machine is trusted by default. Every identity needs to be continuously verified and authorized to access resources (on-premise, cloud or hybrid). This framework was defined in 2010 by John Kindervag, who at the time was a principal analyst at Forrester Research Inc.

Why is the zero trust security model the way forward for organizations?

As the modern workforce adapts to and enables remote work, teams expect access to systems from everywhere. This leads to a major problem: anyone can access a network, data and applications with the correct credentials. To overcome this concern and to gain better control and visibility, the zero trust security model is the way forward.

Steps to implement the zero trust security model/framework

Z Secure suggests a three-step approach to achieve zero trust.

1) IAM (Identity and access management)

As mentioned above, no identity is trusted and all identities need to be verified before being given access to any resource. IAM plays a major role in achieving this: it is critical to implementing zero trust because it is the key service that authenticates and authorizes users to access resources.

Please follow the points below for all user identities to ensure secure authentication:

  • Allowed IP addresses from which requests can come, for each user
  • MFA (Multi-factor authentication)

Please follow the points below to authorize user identities:

  • Use the four-eyes principle to approve access to mission-critical resources and services
  • On-demand micro-segmentation of resources and services during active user sessions
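
The authentication and authorization points above can be combined into one default-deny decision that is evaluated on every request. The following is an added example, not code from Z Secure; the user names, networks, resource names and the reading of four-eyes as "the requester plus at least one different approver" are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

# All users, networks and resource names below are constructed for illustration.
ALLOWED_NETWORKS = {
    "alice": ["203.0.113.0/24"],
    "bob": ["198.51.100.17/32"],
}
MISSION_CRITICAL = {"payments-db"}


@dataclass
class AccessRequest:
    user: str
    source_ip: str
    mfa_verified: bool
    resource: str
    approvers: set = field(default_factory=set)


def ip_allowed(user, source_ip):
    """True only if source_ip falls inside a network allowed for this user."""
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return False  # malformed address: deny
    nets = ALLOWED_NETWORKS.get(user, [])  # unknown user: empty list, deny
    return any(addr in ipaddress.ip_network(n) for n in nets)


def decide(req):
    """Evaluate one request; returns (allowed, reason). Default is deny."""
    if not ip_allowed(req.user, req.source_ip):
        return False, "source IP not allowed for user"
    if not req.mfa_verified:
        return False, "MFA not completed"
    if req.resource in MISSION_CRITICAL:
        # Four-eyes (assumed reading): someone other than the requester must approve.
        if not (req.approvers - {req.user}):
            return False, "independent approval required"
    return True, "ok"
```

Calling `decide` per request rather than once per session is what keeps the verification continuous; a self-approval or a request from an unlisted address is denied even when the credentials and MFA are valid.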

2) Monitoring for malicious activities

To maintain a robust security posture, organizations should monitor:
  • Devices/Resources
  • Users
  • Network
  • Data

to detect:
  • Malicious activity
  • Privileged access and its surrounding activities

Once malicious activity is detected:
  • Automated isolation of the suspected device, user, network and resource should be initiated

3) Data protection

Data protection is essential in achieving zero trust security for all organizations. Data must be protected at rest, in use and in transit.

Follow the steps below to achieve a robust data protection process:
  • Identify the life cycle of all your data
  • Classify data by sensitivity
  • Based on the classification, enable DLP (data loss prevention), encryption, logging and backup

For more in-depth knowledge on zero trust, please go through the following link from Forrester Research Inc.: read more