Intelligent CIO APAC Issue 24 | Page 45

CIO OPINION
In a Zero Trust environment, cybersecurity is attuned to the way people work. It becomes data-centric, and authorization is based on identity and context rather than tied to a device.
Zero Trust adopts the philosophy that all data moving across a corporate network should be viewed as being potentially hostile. Nothing is trusted, and access should never be granted based on the assumption of trust.
Least-privileged access
At its heart, Zero Trust principles assume all data represents a potential threat. As such, any authorization to progress forward with work requires disproving the premise that the data was already compromised. This contrasts with legacy security infrastructure and standard processes that extend privileges based on fallible factors such as machine identification using an IP address.
Corporate systems remain obscured
Cybercriminals can only attack what they can see, and, unfortunately, most enterprises still expose IP addresses to the open Internet. However, systems are not visible to the outside world in a Zero Trust environment. This is because Zero Trust mandates inside-to-outside connections and blocks outside-to-inside connections. In this way, the attackable threat surface is significantly reduced.
The Internet is the new corporate network
Zero Trust leverages the Internet as a communications backbone. Users connect to applications or resources via the Internet, with cybersecurity delivered immediately at the cloud edge. Zero Trust dissociates connectivity from the physical network, so the Internet replaces the corporate network, thereby reducing corporate reliance on costly LAN and WAN infrastructures.
Direct connectivity
Direct connectivity is a fundamental feature of Zero Trust security. Users connect directly to the application or resource they need to use at that moment. Once the utility is served, the connection is discarded. Each use of the application or resource requires subsequent reconnection and reauthorization. In this way, connectivity can be considered almost disposable, and a means to an end rather than the end itself.
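As an added illustration (not code from the article or from any product), the Python sketch below contrasts the legacy IP-based decision described under least-privileged access with an identity-and-context decision that issues a single-use grant, so every use requires reauthorization as described under direct connectivity. The policy table, field names, risk signal and 60-second lifetime are all assumptions constructed for the example.

```python
import secrets
import time

# Constructed sample policy (assumption): roles allowed to reach each application.
POLICY = {"payroll-app": {"finance"}, "wiki": {"finance", "engineering"}}
TRUSTED_SUBNET = "10.0."      # legacy rule: anything on the LAN is trusted
GRANT_TTL_SECONDS = 60        # assumed lifetime of a disposable grant
_grants = {}                  # token -> (user, app, expiry)

def legacy_allow(request):
    """Legacy model: privilege follows the machine's IP address."""
    return request["src_ip"].startswith(TRUSTED_SUBNET)

def zero_trust_authorize(request, now=None):
    """Decide on identity and context; return a single-use grant or None."""
    now = time.time() if now is None else now
    checks = (
        request.get("mfa_verified") is True,                           # identity
        request.get("risk") == "low",                                  # context
        request.get("role") in POLICY.get(request.get("app"), set()),  # least privilege
    )
    if not all(checks):
        return None           # default deny: nothing is trusted by location
    token = secrets.token_urlsafe(16)
    _grants[token] = (request["user"], request["app"], now + GRANT_TTL_SECONDS)
    return token

def use_grant(token, user, app, now=None):
    """Consume a grant: valid once, for one user and one app, until expiry."""
    now = time.time() if now is None else now
    grant = _grants.pop(token, None)   # pop discards the grant after one use
    if grant is None:
        return False
    g_user, g_app, expiry = grant
    return g_user == user and g_app == app and now <= expiry

# Constructed sample requests (not real traffic).
LAN_REQUEST = {"user": "bob", "role": "engineering", "app": "payroll-app",
               "src_ip": "10.0.4.17", "mfa_verified": False, "risk": "low"}
REMOTE_REQUEST = {"user": "alice", "role": "finance", "app": "payroll-app",
                  "src_ip": "203.0.113.9", "mfa_verified": True, "risk": "low"}

if __name__ == "__main__":
    for name, req in (("LAN", LAN_REQUEST), ("remote", REMOTE_REQUEST)):
        granted = zero_trust_authorize(req) is not None
        print(name, "legacy:", legacy_allow(req), "zero trust:", granted)
```

The LAN request passes the legacy check purely because of its address yet is denied by the identity-and-context check, while the remote request is the reverse and receives a grant that works exactly once.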