The Zero Trust approach provides a powerful foundation for remote network access management, particularly today when so much has changed regarding the expansion of enterprise threat surface following the dramatic increase in remote work as a response to the COVID-19 outbreak.
The original concept of Zero Trust introduced a decade ago was intended to enhance conventional thinking around perimeter security, by taking the novel approach that everything and everyone should be assumed to be untrusted until authenticated, and that authentication should not be limited to a one-time event.
Why? Because the initial entry into the network is not the only issue of concern. Just about any form of perimeter security is pointless on its own given the complex environments enterprises operate in today, and that’s only going to get worse in the near future. Thus, security professionals are starting to rethink the way they approach access control and the security models of interconnected systems and user access, and to reconsider how Zero Trust can help remediate risk.
First, security teams need to start looking at the entire environment as potentially untrusted or compromised, versus thinking in terms of outside-in attack vectors. They should also understand the need for a renewed focus on trust relationships, and user-to-system and system-to-system relationships in general, within all parts of their environment.
Zero Trust is a model in which all assets in an IT operating environment are considered untrusted by default until network traffic and behavior is validated and approved. The Zero Trust approach does not involve eliminating the perimeter; instead, it leverages network micro-segmentation and identity controls to move the perimeter in as close as possible to privileged apps and protected surface areas as possible.
The Using Zero Trust to Enable Secure Remote Access white paper provides guidance for implementing a Zero Trust architecture based on your organization’s goals, the intended scope of its application and timeframe for implementation, and the technologies available today to successfully implement a Zero Trust access control model.