The “Zero Trust” cybersecurity concept has been gathering speed for nearly a decade. And with rising rates of ransomware, data breaches and other cybercrimes, this momentum is a positive trend.
But core elements of the framework are not always clear to business leaders. That’s why in 2020 the National Institute of Standards and Technology (NIST) published a 50-page paper detailing Zero Trust architecture.
In a previous edition of Logical Advantage, we offered readers a seven-point digest of NIST’s wisdom that we would like to reiterate here:
- Consider everything a computing resource, from mobile phones to servers on premises
- Secure all communications regardless of network location
- Grant access on a per-session basis only
- Make access policy dynamic, taking behavioral and environmental factors into account
- Monitor and measure the integrity and security posture of all connected assets
- Strictly enforce authentication and authorization before allowing access
- Collect as much information as possible for continual security improvements
Now, we would like to recommend building on those seven basics by:
- Emulating external standards to fortify internal procedures – Follow guidance from authorities like NIST, but seek the wisdom of peers, too. How are the best companies in your industry developing Zero Trust policies and practices?
- Extending principles to your supply and/or service chains – Ask partners, vendors and suppliers tough questions about their cybersecurity posture. How are they securing data? Networks? Enforcing access? Complying with disclosure regulations?
Will a Zero Trust model work for you? Reach out to us to discuss your options.