With the Zero Trust Myths out of the way, where do you start? Zero Trust is a philosophy, a set of guiding principles that can be used to improve the security posture of an organization and reduce the risk of a breach by limiting lateral movement. Implementing Zero Trust is more than simply implementing a “Zero Trust”…
Archives
-
Zero Trust Myth Series: Leveraging Risk Analysis to Enhance Trust
Trust is a foundational part of personal relationships, and it is a foundational part of the digital relationships between employees, their devices, and the enterprise. However, the sad fact facing security professionals is that there are some insiders – whether they are disgruntled employees or external threat actors acting as legit users that penetrated the…
-
Zero Trust Myth Series: Zero Trust is about Secure Access, Not Zero Access
Say the term Zero Trust, and there will be those that take the word zero to mean exactly that-zero, as in no trust at all. In reality, Zero Trust is about acknowledging that bad actors will make their way into an organization’s environment and building defenses with that idea in mind. This confusion is the…
-
IDSA Response to NIST Zero Trust Architecture SP 800-207
Recently, NIST released 800-207 draft document, which is intended to provide guidance for government and non-government organizations on implementations of a Zero Trust architecture. The document provides a definition of the core components that make up a “zero trust architecture (ZTA) network strategy,” a gap analysis of areas where more research and standardization is required, establish an…
-
Zero Trust Myth Series: Going Beyond the Network
First impressions die hard. When the concept of Zero Trust was first introduced, the focus was on segmenting, isolating, and controlling network traffic. Today, however, those ideas represent only one fraction of a Zero Trust strategy. On my list of Zero Trust myths, the second fallacy I noted was the idea that Zero Trust focuses solely on…
-
Zero Trust Myth Series: What’s Old is New Again, with a Twist
There was a time when defending the perimeter was the focus of IT security. By necessity, those days have long passed. Between insider threats, credential-stealing malware, and social engineering, today’s businesses need to secure more than the gate around the castle. They must defend the doors inside the castle itself. This reality has brought Zero…
-
Identity Defined Security Alliance Publishes New Guidance on Zero Trust
Alliance to share vision for changing security paradigm, and how putting identity at the center will help organizations leverage existing investments while reducing risk, at Black Hat USA 2019 DENVER, July 24, 2019 — The Identity Defined Security Alliance (IDSA), an industry alliance that helps organizations leverage existing cybersecurity investments to establish a stronger security posture, today…
-
LogRhythm’s Journey to Identity-Centric Zero Trust
The original Zero Trust model was developed by Forrester in 2010, but not fully embraced until Google successfully developed and implemented their version of Zero Trust, Beyond Corp, almost six years later. Let’s explore what exactly the Zero Trust model is and what it means to implement one. This shifts away from the large, corporate perimeters, with layered-in…
-
Zero Trust in the Identity-Defined World
The Origins of Zero Trust The Zero Trust model was established in 2010 by Forrester analyst John Kindervag and has enjoyed a fascinating and somewhat tumultuous 10-year history. It was born out of a period of increased and sustained breach activity combined with a growing frustration that existing security approaches were falling short of addressing…
