Breaking Down Zero Trust: Implementation Be …
The White House’s Executive Order, “Executive Order on Improving the Nation’s Cybersecurity,” pushed in May of this year, included phrases and concepts that many cybersecurity professionals have been aware of for years. However, one of the biggest embraces from the federal order was in that of Zero Trust.
Namely, during the migration into cloud technology, the executive branch called upon federal agencies to adopt Zero Trust architecture, and tasked the Cybersecurity and Infrastructure and Security Agency with implementing and modernizing all cloud-computing environments with Zero Trust architecture.
In its definitions section, the White House described Zero Trust Architecture as:
“ … A security model, a set of system design principles, and a coordinated cybersecurity and system management strategy based on an acknowledgement that threats exist both inside and outside traditional network boundaries. The Zero Trust security model eliminates implicit trust in any one element, node, or service and instead requires continuous verification of the operational picture via real-time information from multiple sources to determine access and other system responses.”
But as most cybersecurity professionals will tell you, Zero Trust is a highly complex concept that unifies various parts of the security infrastructure – and even a seasoned pro can find it overwhelming to take on a zero-trust architecture.
LIVE DISCUSSION: Join the Great Plains Virtual Cybersecurity Summit and submit your Zero Trust questions for our expert panel on this topic, happening on July 15 at 3:25 p.m.
According to the paper, Zero Trust was developed by Forrester Research Analyst Jon Kindervag in 2009, which did away with the notion of a trusted internal network and an untrusted external network – think, “castles and moats.” The Zero Trust model asserts three major principles:
- All resources must be accessed in a secure manner, regardless of location;
- Access control is on a need-to-know basis and is strictly enforced;
- Organizations must inspect and log all traffic to verify users are doing the right thing.
Okta, a Data Connectors Community Partner, has established the major steps necessary for getting started on Zero Trust. The foundation, they suggest, is to make identity the foundation for the architecture.
“Put simply, the core principle of Zero Trust is to ‘never trust, always verify.’ This ensures the right people have the right level of access, to the right level of resources, in the right context, and that eccess is assessed continuously – all without adding friction for the user,” according to the white paper.
To review the stages of development, refer to “Getting Started with Zero Trust,” and learn more about how Okta and other Data Connectors Community Partners suggests navigating this terrain at the Great Plains Virtual Cybersecurity Summit on July 15.
Recent news posts
What the Crypto Crash Means for Cyber Crime
Scaling, Improving and Automating Your GRC Strategy
CISA Issues Emergency Directive 22-03, Encourages VMware Updates
Cyber Fraud Task Force: Weekly News Update
Cloud Computing, Data Protection Top List of In-Demand Skills: ISACA Annual Report
Attend an Event!
Connect and collaborate with fellow security innovators at our Virtual Cybersecurity Summits.