What is Zero Trust?

Today’s modern IT environment typically has: remote workers, cloud and mobile devices making the traditional security model of a strong perimeter not adequate when you consider the diverse new cyber threats that appear regularly.

Zero Trust starts with the premise:

• Don’t trust anyone or anything
• Assume compromise has happened
• Assume there is no traditional network edge

All of the 3 leading security standards support Zero Trust:  ISO 27001, SOC 2 and NIST.  According to NIST 800-207, the key elements of Zero Trust are:

1. Continuous Verification

• Provide access per session only for the time needed to perform the work and demand authentication for every device, user, application and network flow
• Ensure continuous compliance to policies for both users and systems

2. Minimize the impact if a breach does occur

• Use network segmentation to prevent spread
• Always use the least privilege principle only providing users or system accounts enough rights to their task

3. Automate Monitoring, Collection of Information and Response Taking a Holistic View

• Monitor continuously security throughout all layers: users, endpoints, network, applications, cloud
• Monitor continuously user behavior: logins, unusual activities
• Monitor workloads, data sources
• Collect threat intelligence
• Automate analysis and alerts and ensure reviews
• Automate responses such as preventing a user access to an application, isolating suspected endpoint or disabling accounts
• Implement dynamic policies by assessing risks and modifying for users, devices, etc.

Contact Nova to find out more about your organization’s path to Zero Trust.  We can help you.