Blog

Zero Trust is an Approach not a Technology Product- History, Principles and Types

Zero trust is a security model based on the premise that no one is blindly trusted and allowed to access

Author: ProtecteraMarch 21, 2022

Zero trust is a security model based on the premise that no one is blindly trusted and allowed to access company assets until they have been validated as legitimate and authorized. It is designed to selectively grant access to only the resources that users or groups of users require and nothing more. This is known as ‘least privilege access’. Also, those who are granted access to the network, data, and other assets are continuously required to authenticate their identity.

The rise of mobile and remote workers and cloud services has accelerated the adoption of zero trust. These trends reduced the ability of the organization to control and secure access to data and network resources. Zero trust brings this control back.

History of Zero Trust

The term “zero trust” was coined by Forrester analyst John Kindervag. In his research, he explained the importance of inherent “non-trust” when dealing with network traffic, no matter where it comes from. However, many of the notions expressed in zero trust networking can trace their origins to a much earlier concept, put forth in 2004 by the Jericho Forum, called de-perimeterization.

Principles of Zero Trust

The 3 core principles of the zero-trust model are-

  • Grant the least amount of privileges- The basic principle of zero trust centers around the idea of granting the least amount of privilege without impacting an individual’s ability to complete their tasks.
  • Never trust, always verify- No action or user is inherently trusted within a zero-trust security model.
  • Always Monitor- Zero trust requires consistent monitoring and evaluation of user behavior, data movements, network changes, and data alterations.

Types of Zero Trust

Currently there are two distinct applications for the zero-trust model-

  • Zero Trust Network Access- Zero Trust Network Access (ZTNA) is a zero-trust solution for remote access to an environment. It is a modern way to secure access to the network. It uses a cloud-first, software-based approach to replace the hardware of legacy VPNs.
  • Zero Trust Data Protection- Zero Trust Data Protection (ZTDP) is a new security framework. It is defined as an application of the core principles of zero trust in order to guard your data from unauthorized viewing, movement, alteration, and exfiltration.

Zero Trust has emerged as a core strategy in enterprise security. To plan your Zero Trust strategy contact us at contact@protectera.com.au

Related Blog

Blog

Mental Resilience: A Cornerstone of Cyber Defense

How Mental Resilience Complements Technology in Defending Against Cyber Threats

Read More
Blog

API Security in Focus: Why Attacks are Surging

APIs (Application Programming Interfaces) play a pivotal role in modern digital services, bridging diverse systems and enabling dynamic interactivity

Read More
Blog

Cracking the CVE Code: A Primer on Cyber Vulnerabilities & Exposures

When it comes to cybersecurity, the Common Vulnerabilities and Exposures (CVE) system, managed by MITRE Corporation, plays a vital role

Read More