Born from the idea to, “never trust, always verify,” Zero Trust security is a reliable cyber security framework that defends against advanced attacks no matter where the access request originates. The term Zero Trust was coined in 2010 by John Kindervag, former vice president and principal analyst for Forrester Research. What Kindervag realized was that traditional models of security tended to work under the misguided assumption that everything within an organization's network should be trusted. Instead, he argued that this was a broken trust model since a user’s identity could be compromised no matter where it originated.
What is Zero Trust Network Access?
The Zero Trust model or a Zero Trust Network Access (ZTNA) recognizes that trusting an identity (user) can be a major vulnerability for an organization. That identity could potentially be a malicious actor within the walls of the data, and once they gain further access can do some real damage to an organization's network, such as gaining access to financial data, personal information, or sensitive patient data.Therefore, instead of trusting identities for access, this principle follows the idea of trusting no one and verifying every access. At its core, Zero Trust suggests considering everything hostile until proven otherwise. Some of the technologies that ZTNA requires are strict access control and verification such as MFA or 2FA, along with Least Privilege Access to control authentication before granting access. In addition, ZTNA uses segmentation to create perimeters around certain types of sensitive data including personal data, credit card info, and data backup.
Why Is It Needed?
In the world of digital security, Zero Trust is actually still in its infancy. According to NetSecurity online, “While organizations clearly value Zero Trust as a necessary part of their cybersecurity strategy, widespread adoption is lacking. Of the respondents who find Zero Trust to be extremely or very important to their security posture, only 19% have fully implemented or widely implemented their zero trust plan.” Zero Trust planning and implementation is beginning its roll out in many organizations due to the demand and needs of remote work life during the pandemic. Practically speaking 1-in-4 Americans will be working remotely or hybrid remotely for the remainder of the year and into next year. With requests for access coming from multiple locations both within the walls of the physical office and from remote destinations, it is imperative that companies institute a Zero Trust model to protect themselves from threats to their most valuable assets.
What Are the Benefits?
There are multiple benefits to using this type of technology. ZTNA reduces both an organization’s risks and the possibility of a data breach. Its technologies also provide access control over the cloud and support compliance initiatives, especially critical to organizations in the healthcare industry. ZYNA can be delivered as a service and can be implemented in stages to help your organization get up-to-speed in regards to the potential threats looming just around the corner.