'Zero Trust' Security Approach

    Instead of believing everything inside the organization’s firewall is safe, the Zero Trust model assumes breach and a “never trust, always verify” access approach.

     

    Every request, regardless of whether it originated internally or externally, is strongly authenticated, authorized, and inspected for anomalies. “Least privileged access” principles and micro-segmentation are applied to minimize lateral movement should a breach occur.

     

    In a Zero Trust framework, all users and devices inside and outside the organization perimeter seeking access are verified in real time.

     

    Every access request is authenticated and authorized based on a multitude of available data points, including user identity, location, device information, data classification, and anomalies.

     

    These access policies must strike the proper balance to keep the organization safe yet functional.

    Guiding Principles of Zero Trust

    Verify explicitly

    Always authenticate and authorize based on all available data points, including user identity, location, device health, service or workload, data classification, and anomalies.

    Use least privileged access

    Limit user access with Just-In-Time and Just-Enough Access (JIT/JEA), risk-based adaptive policies, and data protection to protect both data and productivity.

    Assume breach

    Minimize blast radius for breaches and prevent lateral movement by segmenting access by network, user, devices, and application awareness. Verify all sessions are encrypted end to end. Use analytics to get visibility, drive threat detection, and improve defences.