Zero Trust

What is Zero Trust?

Today’s modern IT environment typically has: remote workers, cloud and mobile devices making the traditional security model of a strong perimeter not adequate when you consider the diverse new cyber threats that appear regularly.
Zero Trust
Zero Trust starts with the premise:

  • Don’t trust anyone or anything
  • Assume compromise has happened
  • Assume there is no traditional network edge

All of the 3 leading security standards support Zero Trust:  ISO 27001, SOC 2 and NIST.  According to NIST 800-207, the key elements of Zero Trust are:

1. Continuous Verification

  • Provide access per session only for the time needed to perform the work and demand authentication for every device, user, application and network flow
  • Ensure continuous compliance to policies for both users and systems

2. Minimize the impact if a breach does occur

  • Use network segmentation to prevent spread
  • Always use the least privilege principle only providing users or system accounts enough rights to their task

3. Automate Monitoring, Collection of Information and Response Taking a Holistic View

  • Monitor continuously security throughout all layers: users, endpoints, network, applications, cloud
  • Monitor continuously user behavior: logins, unusual activities
  • Monitor workloads, data sources
  • Collect threat intelligence
  • Automate analysis and alerts and ensure reviews
  • Automate responses such as preventing a user access to an application, isolating suspected endpoint or disabling accounts
  • Implement dynamic policies by assessing risks and modifying for users, devices, etc.

Contact Nova to find out more about your organization’s path to Zero Trust.  We can help you.

Top

Your browser is out-of-date. Please download one of these up-to-date, free and excellent browsers

For more security, speed, comfort and fun.