Zero trust is a security framework that forces all users, irrespective of whether they are inside or outside the organisation’s network, to be authenticated, authorised, and continuously validated before being allowed to interact digitally, or maintain access to company applications and data.
Through this “never trust, always verify” approach, implicit trust is eliminated, and modern environments are protected. Zero trust also removes the traditional network edge, as networks can be on-premise, in the cloud, or hybrid models, with resources accessed by employees who are all over the place.
At least 50% of modern enterprises say they have zero trust plans, although these actual plans range from active projects to implement the architecture, down to a “plan to have a plan, sometime”, says Ian Farquhar, field chief technology officer (global), at Gigamon in Australia.
So what is zero trust really? Farquhar says many vendors will say it’s simply buying their firewall, or implementing their endpoint detection and response tool, or micro-segmenting the network.
But is this the case? Farquhar asks. “The NIST SP 800-207 standard is the US Government’s definition of zero trust and what is described isn’t one product, or one technology, but a completely different way of thinking about trustworthiness and security.”
He says zero trust doesn’t actually specify a single architecture but a series of requirements and approaches which can be modified to meet an organisation’s unique requirements. “Zero trust is a new way of thinking: not a product, but a challenge to security architects to change. Let’s rise to the challenge.”
To further unpack zero trust and what is happening in this area, Farquhar will be presenting an international keynote address on “Zero Trust – what does it mean?”, at the ITWeb Security Summit 2022, to be held from 31 May to 2 June at the Sandton Convention Centre.
Share