What is Zero Trust?
Today’s IT environment typically includes remote workers, cloud and mobile devices, which makes the traditional security model of a strong perimeter inadequate given the diverse new cyber threats that appear regularly.
Zero Trust starts with the premise:
- Don’t trust anyone or anything
- Assume compromise has happened
- Assume there is no traditional network edge
All three of the leading security standards support Zero Trust: ISO 27001, SOC 2 and NIST. According to NIST 800-207, the key elements of Zero Trust are:
1. Continuous Verification
- Provide access per session, only for the time needed to perform the work, and demand authentication for every device, user, application and network flow
- Ensure continuous compliance with policies for both users and systems
2. Minimize the impact if a breach does occur
- Use network segmentation to prevent spread
- Always apply the principle of least privilege, giving users and system accounts only enough rights to perform their task
3. Automate Monitoring, Collection of Information and Response, Taking a Holistic View
- Continuously monitor security across all layers: users, endpoints, network, applications, cloud
- Continuously monitor user behavior: logins, unusual activities
- Monitor workloads, data sources
- Collect threat intelligence
- Automate analysis and alerts and ensure reviews
- Automate responses such as blocking a user's access to an application, isolating a suspected endpoint or disabling accounts
- Implement dynamic policies by assessing risk and adjusting them for users, devices, etc.
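The sketch below shows how the elements listed above can combine in a single access decision that is evaluated on every request: least privilege, device compliance, a time-limited session and a risk score that drives a dynamic outcome. It is an added example, not code from NIST or Nova; the roles, signal names, weights and thresholds are all constructed assumptions.

```python
from dataclasses import dataclass

# Constructed policy values for illustration only (assumptions, not from any standard).
ROLE_GRANTS = {"finance": {"ledger"}, "helpdesk": {"ticketing"}}  # least privilege
SESSION_TTL = 900   # seconds a verification stays valid before re-authentication
STEP_UP_RISK = 40   # at or above this score: demand fresh authentication
DENY_RISK = 70      # at or above this score: refuse and trigger automated response

@dataclass
class Request:
    user: str
    role: str
    resource: str
    mfa_age: int            # seconds since last successful MFA
    device_compliant: bool  # endpoint currently meets compliance policy
    new_location: bool      # login from a location not seen before for this user
    threat_intel_hit: bool  # source address matches collected threat intelligence

def risk_score(req: Request) -> int:
    """Combine monitoring signals into one score (weights are assumptions)."""
    score = 0
    if req.new_location:
        score += 30
    if req.threat_intel_hit:
        score += 50
    if req.mfa_age > SESSION_TTL:
        score += 20
    return score

def decide(req: Request) -> tuple[str, str]:
    """Return (decision, reason). Called per request, not once at login."""
    if req.resource not in ROLE_GRANTS.get(req.role, set()):
        return "deny", "resource outside the role's least-privilege grant"
    if not req.device_compliant:
        return "deny", "device fails compliance policy"
    score = risk_score(req)
    if score >= DENY_RISK:
        return "deny", f"risk {score}: block access and raise an alert"
    if score >= STEP_UP_RISK or req.mfa_age > SESSION_TTL:
        return "step_up", f"risk {score}: re-authenticate before continuing"
    return "allow", f"risk {score}: access granted for up to {SESSION_TTL}s"

if __name__ == "__main__":
    base = dict(user="alice", role="finance", resource="ledger", mfa_age=60,
                device_compliant=True, new_location=False, threat_intel_hit=False)
    for change in ({}, {"resource": "ticketing"}, {"mfa_age": 1200},
                   {"new_location": True, "threat_intel_hit": True}):
        print(change, "->", decide(Request(**{**base, **change})))
```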
Contact Nova to find out more about your organization’s path to Zero Trust. We can help you.