There's a lot of buzz around the term Zero Trust.
However, there is also some uncertainty around it.
What is the definition of a Zero Trust organization, and what does this look like in practice?
This was the focus of the SecureWorld web conference, Practical Steps to Zero Trust, which is available now on-demand.
The definition of Zero Trust
Bruce Lobree, Security Architect at Symetra, kicked off the web conference by defining what Zero Trust really means:
"Zero Trust is a security concept centered on the belief that organizations should not automatically trust anything inside or outside its perimeters, and instead must verify anything and everything trying to connect to its systems before granting access."
And after you start with Zero Trust, you can then focus on building trust and what you must establish to have that trust. Here is one of the examples Lobree shares in the web conference:
Tapan Shah, Managing Director at Sila Solutions Group, also helped lead the web conference, and he says being a Zero Ttrust company requires one thing above all else:
"Transactional verification is the key to the Zero Ttrust model. For each layer of users, applications, data, network, and cloud, a trust must be established," he says.
And he says a Zero Trust organization must develop a continuum of verification, as you see here:
Both speakers cautioned that a Zero Ttrust organization does not happen overnight, and that you should start with specific priorities.
According to Shah, "It is a cultural shift, so don't try a big bang approach. Phase it in by applying a risk-based lens to what you do, identify your crown jewels, and phase in Zero Ttrust by starting there."
Adds Lobree, "I would start by looking at authentication, how are you authenticating your users; that is where you need to start."
And you can also start by watching the web conference, Practical Steps to Zero Trust, available on-demand, where you'll learn many specifics about each part of the Zero Trust journey and how it can make your organization more secure. (Earn 2 CPE credits for participating in this online training.)
