Picture this scenario: you are a security guard at an office building. Today you are looking after a restricted area. A person you’ve never seen before walks straight past you into one of the rooms. Would you stop them or would you just assume they are allowed to be there?
In a physical world, trust is most commonly based on who you are, not where you are. A savvy security guard would ask you for your ID before allowing you in. Virtually, though, the situation is different: being in the right place is often enough. If you are inside of a company’s network perimeter, it is often assumed you have the right to be there. You gain access to the same data and tools that any other trusted user would. It’s clear that such an approach is no longer enough.
Zero trust security comes in as an alternative model, more in line with the current threat landscape. It is based on the principle of “always check, never trust“, originally introduced by Forrester. It takes into account 3 main factors:
Moving from a perimeter model to Zero Trust means assessing, adapting and implementing new security policies that address threats in a constantly changing environment. In this trust-centric approach access is granted to users and devices, not a network.
This means that policies now need to be calculated based on a vast number of data sources. All network activities must be continuously taken into account. Any indications of compromise or changes in the behaviour of apps, users and devices must be examined, validated and receive immediate responses.
How to apply a Zero Trust model
Cisco’s practical approach to Zero Trust includes six important steps.
Zero Trust Security involves people, processes and technology in its adoption. It can provide a roadmap for a truly efficient and automated security infrastructure.
Join us at Cisco CISO Day in Barcelona
We will cover zero trust security and other strategic topics at the “Cisco CISO Day“, an exclusive event for CISOs, taking place on 27 January 2020 in Barcelona at the Cisco Co-Innovation Center.It is a great opportunity to talk with colleagues and experts and find concrete answers to any burning security questions.