Taking “Zero Trust” to the Next Level

1/18/2022

The “Zero Trust” cybersecurity concept has been gathering speed for nearly a decade. And with rising rates of ransomware, data breaches and other cybercrimes, this momentum is a positive trend.
But core elements of the framework are not always clear to business leaders. That’s why in 2020 the National Institute of Standards and Technology (NIST) published a 50-page paper detailing Zero Trust architecture.
In a previous edition of Logical Advantage, we offered readers a seven-point digest of NIST’s wisdom that we would like to reiterate here:
  1. Consider everything a computing resource, from mobile phones to servers on premises
  2. Secure all communications regardless of network location
  3. Grant access on a per-session basis only
  4. Make access policy dynamic, taking behavioral and environmental factors into account
  5. Monitor and measure the integrity and security posture of all connected assets
  6. Strictly enforce authentication and authorization before allowing access
  7. Collect as much information as possible for continual security improvements
Now, we would like to recommend building on those seven basics by:
  • Emulating external standards to fortify internal procedures – Follow guidance from authorities like NIST, but seek the wisdom of peers, too. How are the best companies in your industry developing Zero Trust policies and practices?
  • Extending principles to your supply and/or service chains – Ask partners, vendors and suppliers tough questions about their cybersecurity posture. How are they securing data? Networks? Enforcing access? Complying with disclosure regulations?
Will a Zero Trust model work for you? Reach out to us to discuss your options.