It may seem as if every organization except yours is jumping on the zero trust bandwagon. With remote and hybrid workforces here to stay, the zero trust security model is increasing in popularity. However, a recent study by the CyberRisk Alliance found that only about 35% of security professionals are familiar with zero trust, and about the same percentage have implemented zero trust at their organizations.¹
Let’s clear up some of the confusion regarding the zero trust security model.
What Is Zero Trust?
The zero trust security model was developed as a modern alternative to the traditional “castle and moat” model, which implicitly trusted all users and devices located inside an organization’s network perimeter. This model worked well when employees and equipment were located on-premises, which gave the network a clearly defined perimeter.
However, modern workplaces are no longer confined within a network perimeter. Thanks to a combination of cloud computing, Internet of Things (IoT) devices, and widespread distributed work, most people and devices connect to organizational resources remotely.
The zero trust model eliminates implicit trust, focusing on who users are instead of where they are connecting from. It has three core pillars:
- Assume breach. Any user or device could be compromised, even if they’re connecting from inside the organization’s office.
- Verify explicitly. All users and devices must prove that they are who they say they are before they can access network resources.
- Ensure least privilege. All users and devices must be granted the minimum level of network access necessary.
Should All Businesses Adopt Zero Trust?
Modern organizations certainly should not still be using a security model developed decades ago, when data environments were far less complex and remote work was rare. However, that does not mean zero trust is one-size-fits-all.
Although the zero trust model can be summed up relatively simply, it is not a simple security model. In addition to requiring a complete shift in organizational security mindset, zero trust involves quite a bit of work to implement and maintain. Done incorrectly, zero trust can leave organizations with serious security gaps.
The decision to implement zero trust should not be made lightly. If you are considering adopting the zero trust model, but you have questions and concerns, download SECNAP’s free whitepaper, Is Zero Trust Right for Your Business? This free resource examines the pros and cons of zero trust in detail, along with alternatives.