Intelligent CISO Issue 48 | Page 42

EXPERT OPINION


Never trust, always verify
Zero Trust is gaining momentum, with ResearchAndMarkets.com estimating it to be a £44 billion market by 2028. But there is a wide range of definitions of what Zero Trust actually means. Put simply, Zero-Trust security is a policy of maintaining Zero Trust towards all users, providers and network traffic — even those inside the network.
Zero Trust operates under the guiding principle, ‘never trust, always verify’. All users, platform providers and network traffic are treated as potential threats, so additional measures are needed to mitigate risk.
So, what does strong Zero Trust security look like in action? This approach can transform the way you monitor, prevent and mitigate the risks associated with insider threats. When you stop treating the network as an automatically safe space and, instead, put processes in place to monitor and verify traffic, data access and the flow of data sharing, you gain more control over where the data goes and who is authorised to access it.
Because, at the end of the day, the perimeter is bound to be breached in some way. Insider threats are a powerful example of this: even a well-intentioned employee can, without malice, exfiltrate sensitive data and cause a breach. As cyberattacks like ransomware and phishing continue to escalate and become even more sophisticated, it’s essential to stop granting unearned trust to entities within the bounds of the corporate network.
Focus on the data
The Zero Trust policy control plane is layered and has several facets: identities and people; devices and endpoints; network transport; apps and services; and – most critically – the data itself.
Why focus on protecting the data itself? Because it is the lifeblood of modern businesses and the core pillar of how organisations operate today. John Kindervag, the father of modern Zero Trust, is known for saying ‘The first principle of cybersecurity is to protect data and prevent breaches’. Across all security efforts, data is the common denominator.
Zero Trust is certainly a multi-layered endeavour. You can’t have strong security without considering how you authenticate the people, devices and systems that access your data. But, should the other areas of Zero Trust protection fail, if you are protecting the data itself with a layer of encryption as a data-centric protection, it still remains secure.
Ultimately, Zero Trust will always come back to the data.