Let’s face it, most professionals in enterprise security would agree that when it comes to secure remote access, Zero Trust is the right strategy for our modern workstyles and modern corporate infrastructures. With the vast majority of both our workers and our resources living outside of the now outdated corporate perimeter, it’s no wonder that there is so much consensus that we must find a new way forward if we intend to support the productivity of our vastly remote workforce while effectively protecting the sensitive resources that support that productivity.

The experts have all spoken – Zero Trust is the answer. But I’m like you, and I do my research to learn just what that means so I can implement the best Zero Trust around. What I learned is that Zero Trust is basically the idea that we should not assume or imply trust as part of any access request based only on history or anything we think we already know about the requestor.

We used to assume that our corporate networks were trusted, so anyone able to join that network was also assumed to be trustworthy – the same goes for our VPNs. The corporate laptop we issued with the carefully crafted image was secure when we issued it, so any activities on that device should also be trusted. You get the point – for many years we have relied on historical beliefs and insufficient validation to grant broad access to our sensitive stuff.

With Zero Trust, we take each request for an app, system, or resource as a separate transaction that starts with zero implied trust. It addresses the too-broad access by requiring new authorization for each resource requested, each time, effectively shutting off lateral movement within an environment or network. It also ensures that in case anything bad has happened since the last successful access, we have the opportunity to deny that new request. Maybe credentials have been stolen and the requester isn’t really who they say they are. Maybe their device has been compromised by malware and it would no longer be safe to allow that device to be used for sensitive activities.

This sounds pretty good, but have we truly addressed the trust problem? It occurred to me that bad things can (and do) happen at any time. When I’m out and about, I often move from one Wi-Fi to another and not all are safe. I sometimes discover a cool new app to install.
… and continuous authorization is only possible with real-time device trust and a means to instantly revoke access.
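
A minimal sketch of the per-request decision described above, added here as an illustration and not taken from the original post: every request is evaluated from scratch against current device posture, a revocation set and per-resource entitlements. The class, the freshness constant and the sample user, device and resources are hypothetical.

```python
from dataclasses import dataclass, field

# Hypothetical names and constructed sample data throughout.
MAX_POSTURE_AGE = 60  # seconds a device posture report is considered fresh

@dataclass
class PolicyDecisionPoint:
    entitlements: dict                           # user -> set of resources
    posture: dict = field(default_factory=dict)  # device -> (healthy, time)
    revoked: set = field(default_factory=set)    # revoked users or devices

    def report_posture(self, device_id, healthy, now):
        self.posture[device_id] = (healthy, now)

    def revoke(self, principal):
        # Effective on the next request: no earlier grant is cached.
        self.revoked.add(principal)

    def authorize(self, user, device_id, resource, now):
        """Evaluate one request from scratch; returns (allowed, reason)."""
        if user in self.revoked or device_id in self.revoked:
            return False, "revoked"
        if device_id not in self.posture:
            return False, "unknown device"
        healthy, reported_at = self.posture[device_id]
        if now - reported_at > MAX_POSTURE_AGE:
            return False, "stale posture"
        if not healthy:
            return False, "unhealthy device"
        if resource not in self.entitlements.get(user, set()):
            return False, "not entitled"
        return True, "ok"

def demo():
    pdp = PolicyDecisionPoint(entitlements={"alice": {"payroll"}})
    pdp.report_posture("laptop-1", True, now=0)
    out = [pdp.authorize("alice", "laptop-1", "payroll", now=10)]
    # A grant for one resource says nothing about another (no lateral movement).
    out.append(pdp.authorize("alice", "laptop-1", "source-code", now=11))
    pdp.report_posture("laptop-1", False, now=20)   # malware found on device
    out.append(pdp.authorize("alice", "laptop-1", "payroll", now=21))
    pdp.report_posture("laptop-1", True, now=30)    # device remediated
    out.append(pdp.authorize("alice", "laptop-1", "payroll", now=100))  # 70s old
    pdp.revoke("alice")                             # credentials reported stolen
    pdp.report_posture("laptop-1", True, now=110)
    out.append(pdp.authorize("alice", "laptop-1", "payroll", now=111))
    return out

if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

The stale-posture case is the one most easily missed: a device that was healthy 70 seconds ago is treated as unknown, which is what makes the device trust real-time.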