The concept of a Zero Trust infrastructure is now broadly understood across most industry sectors, but what’s less clear is the path organisations need to follow to get there.
Rather than simply being a case of purchasing and deploying a single solution, the process involves a series of steps that must be carefully planned and undertaken.
Begin with a definition
Even if the concept is known, it’s worth starting any deployment project by ensuring that all parties involved agree with the definition.
In essence, a Zero Trust infrastructure requires everyone and everything connecting to a network to have their identity verified. This must even occur if they are connected to a permissioned network such as a corporate LAN.
Devices being used to connect must also comply with an organisation’s stated security policies. This could include having the latest security and OS patches in place. Also, it’s important that parties are only provided with access to resources that they specifically require for their role. If they attempt to access anything else, they will be blocked.
A Zero Trust strategy allows an organisation to move away from the concept of having a secure perimeter designed to keep unauthorised parties out. For many years this was seen as the best method of achieving strong IT security however, as cyberthreats have grown in both number and sophistication, this is no longer the case.
Although first coined back in 1994, the term Zero Trust didn’t gain significant commercial attention until Google implemented the architecture in 2009 and referred to it as BeyondCorp. Fast forward to 2021 and US President Joe Biden made Zero Trust a key pillar of his executive order designed to improve government cybersecurity.