With so many definitions of 'Zero Trust' out there, it's often unclear what it references. What do you think Zero Trust means? What does it encompass?


1.3k views1 Upvote27 Comments

Chief Information Officer in Healthcare and Biotech, 1,001 - 5,000 employees
The latest NIST guidance on implementing a Zero Trust Architecture (ZTA) suggests that the number one priority in migrating to a ZTA is the implementation of an enterprise Identity Access Management  architecture that provides the ability to enforce policy rules at every step of the authentication process. Cloud providers do a good job providing services to implement ZTA. However, most organizations will likely be stuck in a hybrid security architecture encompassing both cloud and legacy infrastructure. The likely challenge for most organizations will be to apply ZTA processes in the cloud workflow architecture as applications migrate from server based processes to cloud work flows.
2
EVP - Global Service Delivery in Services (non-Government), 10,001+ employees
Without searching for the term on the internet, my impression is that it is similar to the concept of least privilege where it's assumed by default that a user should not have access to anything and only with business justification can access be granted to anything and then only that thing is allowed.
2
CIO in Services (non-Government), 5,001 - 10,000 employees
Maintaining strict control starting with no access even to inside folks and then providing access as necessary and required
2
CTO in Software, 11 - 50 employees
I like to start with this simple statement: "Assume that you have no/zero security perimeter, how do you ensure that all attack vectors are protected?" From that one architects and implements the correct set of solutions and technologies that results in what is now the ZTA buzzword/acronym
1
Assistant Director IT Auditor in Education, 10,001+ employees
It is like verify then trust. A lot of companies go with two factors or multi-factors authentication to control access. Almost every banks and financial companies implement two factors authentication.
VP, Technology Manager in Education, 10,001+ employees
To mean it is just a new way of saying “least privileged access”. You start with the assumption that no access is assumed and only build trust as access is authorized.
1
Director, Information Security Engineering and Operations in Manufacturing, 5,001 - 10,000 employees
Like many other security terms these days, it's just regurgitating old security principles and giving them new names. Zero Trust = only those who are supposed to get access... well... get access.
CTO in Education, 51 - 200 employees
In its most simplistic form Zero Trust means everything must verify prior to it connecting to the network.
2
Chief Techical Officer in Software, 11 - 50 employees
It means you have zero trust and always verify any access. Any access by a user must be verified using one or more means by which you have faith in authenticity of the verification method also control over it. Eg: if you use G-Suite you could force users to authenticate against their G-Suite account for access and you can control that level of access from none to root depending on the account. You can use more than one factor and also tune the validity periods etc. 

When it comes down to it, you have zero trust that the person is who they say they are and enforce proof everytime.
1
Vice President / IT Services / Digital Workplace leader in Software, 10,001+ employees
In its simplest form, no one is trusted by default, and validation is required for anyone wanting to access services within the network
1

Content you might like

Patch management: to reduce attack surface and avoid system misconfigurations39%

Malware and ransomware prevention: to protect endpoints from social engineering attacks58%

Malware and fileless malware detection and response: to protect against malicious software49%

Threat Hunting: to detect unknown threats that are acting or dormant in your environment and have bypassed the security controls33%

Not planning to change endpoint security strategy10%


184 PARTICIPANTS

397 views

CTO in Software, 201 - 500 employees
Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.
Read More Comments
40.9k views131 Upvotes319 Comments