Zero trust security


A step in the right direction for cyber hardening

Traditional security focused mainly on external threats, working on the assumption that internal actors are trustworthy and mean no harm – this was sometimes referred to as the castle and moat model since effort was mostly expended on counter intrusion – i.e. keeping the bad guys out. The disadvantage of this model is that once an attacker has gained access, they have full control of the systems, without any further hindrance.

With cloud computing, data is dispersed and distributed across the infrastructure, limiting the efficiency of this perimeter-centric security approach. Zero trust security systems recognise that threats can be from anyone, including insiders. Zero trust treats both internal and external actors the same and continuously evaluates person or system behaviour and actions, identifying and eliminating potential threats. In zero trust, a risk score is calculated, based on the evaluation of several parameters of defined legitimate/sanctioned factors of an individual’s behaviour. These parameters range from basics like a user’s physical location, an IP address, authorisation and permissions to advanced clearances etc. If the risk score exceeds the approved threshold, the actor is locked out of the network, or required to undertake additional checks (such as a second factor of authentication or one-time password)…Click here to read full article.