Zero Trust security trusts nothing by default: anything that connects must explicitly prove its identity each time it connects.
With many IT assets now outside traditional perimeters, IT security is at a crossroads. To address this new reality, organizations are turning to Zero Trust. Zero Trust is a security concept in which nothing is trusted and a breach is assumed to be inevitable or to have likely already occurred.
The Zero Trust approach is a response to trends including hybrid working, Bring Your Own Device (BYOD), and cloud-based assets that are not located within an enterprise-owned network boundary. Zero Trust focuses on protecting resources, not network segments, as the network location is no longer seen as the prime component of the security posture of the resource.
NIST 800-207 is the most vendor-neutral, comprehensive standard for Zero Trust. NIST 800-207 describes Zero Trust as a collection of concepts and ideas designed to minimize uncertainty in enforcing accurate, least privilege per-request access decisions in information systems and services in the face of a network viewed as compromised. Zero Trust Architecture (ZTA) is an enterprise’s cybersecurity plan that utilizes zero trust concepts and encompasses component relationships, workflow planning, and access policies.
The goal of Zero Trust is to prevent unauthorized access to data and services, coupled with making the access control enforcement as granular as possible. According to NIST, only authorized and approved subjects (a combination of user, application (or service), and device) can access the data, to the exclusion of all other subjects (i.e., attackers). NIST even takes it one step further by substituting the word “resource” for “data”, so that Zero Trust and Zero Trust Architecture are about accessing resources and not just data.
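The contrast between a decision based on network location and a per-request, default-deny decision on the full subject (user, application, device) can be shown in a few lines. This is an added example, not code from NIST or Soliton; every user, application, device, address and policy entry in it is constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# All names, addresses and policy entries below are constructed for illustration.
CORPORATE_NET = ip_network("10.0.0.0/8")

@dataclass(frozen=True)
class Request:
    user: str
    application: str
    device: str
    source_ip: str
    resource: str
    action: str

# Explicit grants: (user, application, device) subject -> resource -> allowed actions.
POLICY = {
    ("alice", "hr-portal", "laptop-0042"): {"payroll-db": {"read"}},
    ("bob", "backup-agent", "server-0007"): {"file-share": {"read", "write"}},
}

def perimeter_decision(req: Request) -> bool:
    """Legacy model: trust follows network location only."""
    return ip_address(req.source_ip) in CORPORATE_NET

def zero_trust_decision(req: Request) -> bool:
    """Per-request, default-deny check on the full subject; source_ip is ignored."""
    grants = POLICY.get((req.user, req.application, req.device), {})
    return req.action in grants.get(req.resource, set())

REQUESTS = {
    "remote approved subject": Request("alice", "hr-portal", "laptop-0042", "203.0.113.10", "payroll-db", "read"),
    "internal unknown device": Request("alice", "hr-portal", "kiosk-9999", "10.1.2.3", "payroll-db", "read"),
    "approved subject, ungranted action": Request("alice", "hr-portal", "laptop-0042", "10.1.2.4", "payroll-db", "write"),
    "approved subject, other resource": Request("bob", "backup-agent", "server-0007", "10.1.2.5", "payroll-db", "read"),
}

def compare() -> dict:
    """Return {label: (perimeter_allows, zero_trust_allows)} for each sample request."""
    return {label: (perimeter_decision(r), zero_trust_decision(r)) for label, r in REQUESTS.items()}

if __name__ == "__main__":
    for label, (perimeter, zt) in compare().items():
        print(f"{label:36} perimeter={perimeter!s:5} zero_trust={zt}")
```

The two models disagree on every sample request: the perimeter check admits anything with an internal address, while the subject-based check admits only the one request whose user, application, device, resource and action all match an explicit grant.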
Implementing Zero Trust, which focusses on users, assets and resources, usually requires a complex, hard-to-deploy, rip-and-replace approach. It can take years to implement: critical time lost, accompanied by escalating costs, all while new threats continue to evolve and attack.
With this in mind, Soliton focused (many years ago) on Data Centric Security which became the cornerstone of our Zero Trust solutions.