As it relates to information security, the notion of trust has been debated for years on end. While traditionally any activity occurring within the enterprise’s network was to be trusted, security incidents over the years have proven that to be a shaky approach. That’s why the Zero Trust security model began to pick up momentum when it was introduced by Forrester Research in 2009.
Fast forward to today, and a majority of security departments apply this approach to their infosec strategy. If you’re thinking of taking a similar angle at your business, how easy is it to roll this out, communicate it, and what does the endgame look like? Below, security veterans Ed Moyle and Raef Meeuwisse answer those questions.
“In my opinion it’s more of a philosophy than a set of technologies,” Moyle says. “What I mean by that is that you can start adopting a zero trust approach today…so going forward as we deploy new applications and systems they’re going into a soup of potential attacker activity. Ultimately, the long-term vision would be to have a suite of technologies that are designed to enforce appropriate authentication of traffic. Basically, treating the internal network as you would an external one.”
In the latest edition of MISTI’s DeMISTIfying Security, Ed and Raef dissect the zero trust model. From the pros and cons to the obstacles you may face rolling out this philosophical approach to security, this week’s segment will shed new light on this topic.