Sign up to save your podcasts
Or
Share Zero Trust Tenants
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Zero Trust Tenants
What is Zero Trust?
Zero Trust is a cybersecurity concept that suggests that organizations
should not automatically trust any user, device, or network, even if
they are inside the network perimeter. Instead, all access to resources
should be strictly controlled and verified based on the principle of
least privilege.
The idea behind Zero Trust is that traditional network security models,
which rely on perimeter defenses to keep out external threats, are no
longer sufficient in today’s connected world. With the proliferation of
mobile devices and cloud services, it is increasingly difficult to
define a clear perimeter, and attackers can easily gain access to an
organization’s networks and systems from within.
By adopting a Zero Trust approach, organizations can better protect
themselves against these types of attacks. Instead of relying on
perimeter defenses, they can implement granular access controls that are
based on the specific actions and resources a user is trying to access.
This can help prevent unauthorized access and reduce the risk of a
security breach.
With all of the huff and puff around Zero Trust, it is frustrating when
vendors claim that their product is a Zero Trust “Solution.” For
example, in a post this morning, a connection of mine shared some of the
technical solutions to help achieve a Zero Trust approach but skipped
the first steps of the Zero Trust Design Principles.
According to the Zero Trust Principles by John Kindervag, you start with the following:
* Define the protect surface (which you need to work with the business to understand the critical things to watch)
-> There will be more than one “protect surface” and potentially
more than one “protect surface” for a given business application
*
*
Map the transaction flows (which means understanding the business
processes, how they flow, and they can be best designed considering any
constraints)
->Look at What needs to be protected, Who needs access, When they need access, and Why they need access.
*
->Look at What needs to be protected, Who needs access, When they need access, and Why they need access.
*
Architect a Zero Trust environment ( which means combining the protect
surface, transactions flow, and an environment that includes access zero
open access to people/systems that do not need access)
* Create Zero
* Create Zero
Trust Policies (the formal design, governance, playbooks, incident
response, etc., which will determine the way the systems are created)
*
*
Monitor and maintain (which ensures that the Zero Trust policies are
managed, enforced, and continue to function in the manner designed, if
not, the process for that protected surface should be re-designed).
As you can see, Zero Trust is a design strategy that leads to something that can be managed and measured. Adding
tools to the stack will not equal a Zero Trust environment if the
protect surfaces and transaction flows are not designed with Zero Trust
in mind.
Zero Trust Design PrinciplesZero Trust Principles by John Kindervag
---
Send in a voice message: https://podcasters.spotify.com/pod/show/breakingintocybersecurity/message
View all episodes
By Christophe Foulon | Renee Small | breakingintocybersecurity.org
4.6
2525 ratings
What is Zero Trust?
Zero Trust is a cybersecurity concept that suggests that organizations
should not automatically trust any user, device, or network, even if
they are inside the network perimeter. Instead, all access to resources
should be strictly controlled and verified based on the principle of
least privilege.
The idea behind Zero Trust is that traditional network security models,
which rely on perimeter defenses to keep out external threats, are no
longer sufficient in today’s connected world. With the proliferation of
mobile devices and cloud services, it is increasingly difficult to
define a clear perimeter, and attackers can easily gain access to an
organization’s networks and systems from within.
By adopting a Zero Trust approach, organizations can better protect
themselves against these types of attacks. Instead of relying on
perimeter defenses, they can implement granular access controls that are
based on the specific actions and resources a user is trying to access.
This can help prevent unauthorized access and reduce the risk of a
security breach.
With all of the huff and puff around Zero Trust, it is frustrating when
vendors claim that their product is a Zero Trust “Solution.” For
example, in a post this morning, a connection of mine shared some of the
technical solutions to help achieve a Zero Trust approach but skipped
the first steps of the Zero Trust Design Principles.
According to the Zero Trust Principles by John Kindervag, you start with the following:
* Define the protect surface (which you need to work with the business to understand the critical things to watch)
-> There will be more than one “protect surface” and potentially
more than one “protect surface” for a given business application
*
*
Map the transaction flows (which means understanding the business
processes, how they flow, and they can be best designed considering any
constraints)
->Look at What needs to be protected, Who needs access, When they need access, and Why they need access.
*
->Look at What needs to be protected, Who needs access, When they need access, and Why they need access.
*
Architect a Zero Trust environment ( which means combining the protect
surface, transactions flow, and an environment that includes access zero
open access to people/systems that do not need access)
* Create Zero
* Create Zero
Trust Policies (the formal design, governance, playbooks, incident
response, etc., which will determine the way the systems are created)
*
*
Monitor and maintain (which ensures that the Zero Trust policies are
managed, enforced, and continue to function in the manner designed, if
not, the process for that protected surface should be re-designed).
As you can see, Zero Trust is a design strategy that leads to something that can be managed and measured. Adding
tools to the stack will not equal a Zero Trust environment if the
protect surfaces and transaction flows are not designed with Zero Trust
in mind.
Zero Trust Design PrinciplesZero Trust Principles by John Kindervag
---
Send in a voice message: https://podcasters.spotify.com/pod/show/breakingintocybersecurity/message
More shows like Breaking Into Cybersecurity
View all
The Joe Rogan Experience
229,674 Listeners
The Knowledge Project
2,672 Listeners
Security Now (Audio)
2,011 Listeners
CyberWire Daily
1,028 Listeners
Smashing Security
317 Listeners
The Daily
113,121 Listeners
Darknet Diaries
8,077 Listeners
Crime Junkie
369,956 Listeners
Cybersecurity Today
175 Listeners
The Shawn Ryan Show
46,368 Listeners
Cybersecurity Headlines
139 Listeners
Cybersecurity Basics
15 Listeners
Get Hired In Cyber Security
39 Listeners
The Mel Robbins Podcast
20,222 Listeners
Cybersecurity Uncomplicated
6 Listeners