What is Zero Trust and why is it so important?

Why you should never trust and always verify

What is Zero Trust and why is it important for businesses today?

Our information security lead and ‘ethical hacker’ Dave Higgs explains the concept of Zero Trust. Using the ‘medieval castle’ analogy he provides some useful insight into areas for any business to consider when embarking on a Zero Trust journey.

The “Zero Trust” methodology is a concept born out of a response to the emerging threats and a changing IT landscape. The basis for this methodology is that even if someone is inside the ‘trusted’ part of your network, they should still be treated like someone who is outside of this network.

Regardless of where the request originates or what resource it accesses, Zero Trust teaches us to “never trust, always verify.”

Why adopt Zero Trust?

The “Zero Trust” methodology is a concept born out of a response to the emerging threats and a changing IT landscape.

The basis for this methodology is that even if someone is inside the ‘trusted’ part of your network, they should still be treated like someone who is outside of this network.

Instead of assuming everything within the corporate firewall is safe, the Zero Trust security model always assumes breach and uses verification of each request, as if the request was originated from an outside source.

Regardless of where the request originates or what resource it accesses, Zero Trust teaches us to “never trust, always verify.”

Businesess that have enabled critical applications to be publicly available for remote working staff during the pandemic have potentially increased the attack surface for hackers.

The key principals to the Zero Trust methodology

The key principals when applying the Zero Trust methodology in a business are:

• Verify explicitly – Always authenticate and authorise, and the more data points that are used the better! User identity, location, device health, service or workload, data classification, and anomalies.
• Use least privileged access – Limit user access with just-in-time and just enough-access.
• Assume breach – Verify end-to-end encryption and use analytics to get visibility, drive threat detection, and improve defences.

Adopting a Zero Trust methodology helps ensure you select the right technology to enable you to deploy public cloud securely, an important aspect to consider when ensuring you are agile enough to meet the requirements of today’s mobile modern workforce. Zero Trust principals help ensure home and remote workers are able to experience optimal service for applications in a secure way, whilst protecting against potential hackers.

It also reduces the would-be blast radius if a member of staff were to accidentally click on an email link or download an application they shouldn’t, or even from disgruntled staff members (the most dangerous of all) that are leaving the business and want to access data that they shouldn’t.