Can you trust Zero Trust?

The days of implicitly trusting connected devices because they sit behind the traditional enterprise firewalled network, with its “hard” perimeter, are over. By Jason Soroko.

Risk officers and security professionals should consider ALL connected traffic to be on a hostile network. This requires authentication at the user, device, and application level, and therefore digital identities comprise the new perimeter. With every endpoint acting as its own edge, security is becoming increasingly challenging thanks to the ever-expanding ecosystem of multi-cloud environments, BYOD devices, IoT, and unprecedented levels of remote work accelerated by COVID-19.

The article's main points are:

  • Zero Trust is a set of principles, not a check-the-box activity
  • Public Key Infrastructure (PKI) is foundational to Zero Trust
  • Zero Trust requires governance, policy, and enforcement through a centralized place
  • Migration to Zero Trust can be step-by-step
    • Secure servers and applications
    • Secure network access endpoints
    • Secure device endpoints
    • Secure email
    • Replace passwords for people with user certificates

Even with the help of automation and single-pane-of-glass management, migrating an entire organization to Zero Trust may seem daunting. Fortunately, organizations don’t have to implement certificates en masse, all at once. IT teams can ease the transition by implementing Zero Trust on a step-by-step basis to make the process as painless as possible. Nice one!
