The notion of a secure network perimeter no longer applies.
With the rapid onset of digital transformation, the way business interacts and connects through the internet has exploded. Whether it is through cloud computing, Internet of Things (IoT) or increased home working, the attack surface has grown exponentially.
Reliance on ring-fencing the company network and defending the perimeter is no longer suitable at this time or how businesses work. Assuming that everything inside the network can be trusted leads to major crisis incidents. In addition, the way we share information with our employees, our customers, and third-party suppliers means that the stand-alone data centre that contains all of our information is no longer the most efficient way of operating. Now the norm is a hybrid system with cloud-based applications working alongside on-premise data centres, and these systems and data being accessed from all over the world.
The concept of Zero Trust implies that trust cannot be implicitly granted to users or services based solely on their ownership or physical or network location.
Based on the work by John Kindervag in 2010, the concept of Zero Trust focuses on users, assets and resources. Briefly, there are three main points:
This has developed over the years to include the assumption that if you are connected, then you will be breached.
The goal of Zero Trust is to prevent unauthorised access to data and services. It achieves this by making the process of access control as granular as possible. This increases the difficulty of not being detected during “lateral movement” of hackers once they have infiltrated the perimeter boundary.
In order to move towards a “Zero Trust Architecture”, there are some fundamental issues to consider in your organisation. Due to the nature of this paradigm, business functions and the IT function will require greater collaboration in defining the policies and behaviours of the normal day-to-day workflow:
At Tannhauser, our Assess and Enhance functions are the perfect solution for those that wish to implement Zero Trust Architecture.
In Assess we review your existing cyber security services and its alignment with your business risk. We also consider:
Based on the results of the Assess phase, Tannhauser will build and Enhance your cyber security operations around the Zero Trust paradigm:
To understand what Zero Trust means for you and your business, we are on hand to help address any questions and how this applies to your business.