The broad theme of Zero Trust is the reduction of implicit trust. As a model for information security, Zero Trust translates to network and security architecture.

security tv, data management, cxo, data centers

At the beginning of 2022, Zero Trust faces a bizarre dichotomy: It’s on the verge of becoming the de facto cybersecurity approach while simultaneously having many security practitioners decry it as “just a marketing ploy.” How did we, as the security community, arrive at such a precarious perch? 

Part of the problem, according to John Kindervag, former Forrester analyst and author of the original Zero Trust research, was that the trilogy of Zero Trust papers remained largely behind the Forrester paywall. For over a decade, only Forrester clients and every security vendor in the world had access. The hype train left the station, with those vendors shaping the Zero Trust narrative from their highly subjective perspective. Nonclients and the greater cybersecurity community only saw Zero Trust through the stained-glass windows of vendor marketing. 

Forrester’s research advanced the Zero Trust concept from network-focused to an integrated, dynamic ecosystem of security capabilities and technologies with the introduction of Zero Trust Extended (ZTX). But analysts are not necessarily marketers, and the research lacked a clear, concise, shareable definition our clients and the larger community could use as a stake in the ground. 

Today, we correct both of these issues with the release of a report titled, “The Definition Of Modern Zero Trust.” Well, yes, that report is behind the paywall, but we’re including its definition here, on the outside, for everyone. 

Zero Trust defined 

Zero Trust is an information security model that denies access to applications and data by default. Threat prevention is achieved by only granting access to networks and workloads utilizing policy informed by continuous, contextual, risk-based verification across users and their associated devices. Zero Trust advocates these three core principles: All entities are untrusted by default, least privilege access is enforced, and comprehensive security monitoring is implemented. 

Notice that the last sentence is the three original Zero Trust principles stated together. Here are the salient points in bullet form: 

    Default deny 

    Access by policy only 

    For data, workloads, users, devices 

    Least privilege access 

    Security monitoring 

    Risk-based verification 

The good news for everyone is that this definition is not divergent from NIST’s definition in SP 800-207. The two definitions explain the same concept, using the same principles and often the same words. 

What about Zero Trust Architecture or Zero Trust Strategy? 

The broad theme of Zero Trust is the reduction of implicit trust. As a model for information security, Zero Trust translates to network and security architecture. See NIST SP 800-207, Zero Trust Architectures, as the most relevant example. 

Some advocates of Zero Trust say that it should also be a strategy that works as well; consider replacing the phrase “Zero Trust strategy” with “a strategy to reduce implicit trust throughout our enterprise” in your mind. 

So, what isn’t Zero Trust? 

To better help security leaders and pros communicate the benefits of Zero Trust adoption, our report provides more clarity on what it isn’t. One key point is that it isn’t a security awareness and training strategy. In fact, there’s no need for the vast majority of end users in an organization to have any familiarity with this concept at all. Pushing Zero Trust concepts to end users will likely backfire from an awareness and training perspective as the perception of having “zero trust” implies a lack of trust in employees. Organizations that have adopted the Zero Trust model see trust as fundamental to creating a positive, low-friction work culture for employees and invest in initiatives to empower the firm at all levels to differentiate with trust. 

Go Forth And Convert The Deniers 

One more time for those in the back: Zero Trust is an information security model, one that can be worked toward but without an ultimate end state. 

This post was written by Senior Research Analyst David Holmes and it originally appeared here. 

TECH NEWS RELATED

How To Qualify for Cyber Insurance and Even Reduce Current Costs

(Photo : Cyber Insurance) Cybercrime continues to grow at a rapid pace and if your business is not properly protected it could have damaging consequences. Over 50% of small businesses have experienced a data breach of some type. That’s why it’s more important than ever to make sure you ...

View more: How To Qualify for Cyber Insurance and Even Reduce Current Costs

Mozilla Thunderbird 102 Arrives with a Taste of What’s to Come

Mozilla Mozilla Thunderbird just got its biggest update in nearly a decade. The email client’s Version 102 update includes a ton of useful changes, like an improved account import process, a revamped address book, and an all-new Spaces Toolbar. Thunderbird’s new import process is the most important part of ...

View more: Mozilla Thunderbird 102 Arrives with a Taste of What’s to Come

Hyundai’s IONIQ 6 EV Revealed with Futuristic Good Looks

Hyundai Hyundai just gave the world an early look at its upcoming electric sedan, the IONIQ 6, which will make its full debut later in July. The unique and futuristic good looks were inspired by the Hyundai Prophecy concept EV from 2020 that had aerodynamics in mind. Compared to the ...

View more: Hyundai’s IONIQ 6 EV Revealed with Futuristic Good Looks

Ghost Imaging System Combined With Human Vision Allows Seeing Through Objects Behind Walls

(Photo : Pixabay/dcondrey) Ghost Imaging System Combined With Human Vision Allows Seeing Through Objects Behind Obstacles An X-ray vision that lets people see through any object is a staple power for many superheroes. But soon this might no longer just be a fantasy for ordinary humans as a new ...

View more: Ghost Imaging System Combined With Human Vision Allows Seeing Through Objects Behind Walls

The second lives of our old smartphones and tablets

Asia is one of the world’s most digitized regions with mobile subscriptions at 58 percent and most households own multiple electronic products from iPhones and iPads to TVs and computers. These products have allowed us to live better and more productive lives but come at a staggering cost in terms ...

View more: The second lives of our old smartphones and tablets

With changing climate, global lake evaporation loss larger than previously thought

Credit: Unsplash/CC0 Public Domain A white mineral ring as tall as the Statue of Liberty creeps up the steep shoreline of Lake Mead, a Colorado River reservoir just east of Las Vegas on the Nevada-Arizona border. It is the country’s largest reservoir, and it’s draining rapidly. With much of ...

View more: With changing climate, global lake evaporation loss larger than previously thought

Falling stardust, wobbly jets explain blinking gamma ray bursts

Jet (in red) wobbles inside the collapsar before punching out into the photosphere. Credit: Ore Gottlieb/Northwestern University A Northwestern University-led team of astrophysicists has developed the first-ever full 3D simulation of an entire evolution of a jet formed by a collapsing star, or a “collapsar.” Because these jets generate ...

View more: Falling stardust, wobbly jets explain blinking gamma ray bursts

NASA mission aims to study ice and water on the moon's surface

Credit: NASA In the fall of 2023, a U.S. rover will land at the south pole of the moon. Its mission: to explore the water ice that scientists know lurks within the lunar shadows, and which they believe could help sustain humans who may one day explore the moon ...

View more: NASA mission aims to study ice and water on the moon's surface

1Password now allows you to share documents and files with a link

Belkin unveils upgraded 3-in-1 wireless charger for the Apple Watch Series 7

NASA Kicks Off Artemis Lunar Program with CAPSTONE Launch

Samsung One UI 5.0 is coming soon for Galaxy S22 series

Nothing Phone Will Have a Mid-Range Snapdragon Processor

Grab an Unlocked Surface Duo for Just $420 With This Early Prime Day Deal

Will Apple's iPhone 14 Have a Higher Price? What the Rumors Say

W3C Steers Course To Become a Nonprofit Organization

Tencent seeks to expand game technology application to other sectors

Assigning moving features in high-speed atomic force microscopy

Rescuing an ancient fish species on the brink of extinction

Life in the Earth's interior is as productive as in some ocean waters

OTHER TECH NEWS

Top Car News Car News