The proper implementation of Zero Trust depends upon a well-defined strategy focused on a holistic approach towards protecting your data wherever it resides
It’s no surprise that organizations moving to the cloud are looking at Zero Trust. Zero Trust provides a model for designing networks and systems to address the modern threat landscape. It is based on the concept of least privilege, which calls for limiting access rights to users to the bare minimum that they need to accomplish their specific tasks.
Put simply, the objective of Zero Trust is to strengthen an organization’s data security by limiting the risk from excessive user privileges and access, using a series of controls to ensure threats cannot move laterally within an enterprise’s infrastructure. As a result, granular access policy enforcement based on user context, data sensitivity, application security, and the device posture, becomes a critical component of any enterprise’s Zero Trust architecture.
As I’ve noted in this space before, Zero Trust was first introduced by Forrester Research a decade ago. It challenged the existing perimeter-based network security paradigm. It argued that not just the perimeter, but everything in the network needed to be locked down to be protected and secured, highlighting the specific risk of lateral movement within a network once a perimeter is breached. While great in theory, the concept proved difficult to implement given the security technologies available at the time.