With so many definitions of 'Zero Trust' out there, it's often unclear what it references. What do you think Zero Trust means? What does it encompass?

1.3k views1 Upvote27 Comments

Chief Information Officer in Healthcare and Biotech, 1,001 - 5,000 employees

The latest NIST guidance on implementing a Zero Trust Architecture (ZTA) suggests that the number one priority in migrating to a ZTA is the implementation of an enterprise Identity Access Management architecture that provides the ability to enforce policy rules at every step of the authentication process. Cloud providers do a good job providing services to implement ZTA. However, most organizations will likely be stuck in a hybrid security architecture encompassing both cloud and legacy infrastructure. The likely challenge for most organizations will be to apply ZTA processes in the cloud workflow architecture as applications migrate from server based processes to cloud work flows.

EVP - Global Service Delivery in Services (non-Government), 10,001+ employees

Without searching for the term on the internet, my impression is that it is similar to the concept of least privilege where it's assumed by default that a user should not have access to anything and only with business justification can access be granted to anything and then only that thing is allowed.

CIO in Services (non-Government), 5,001 - 10,000 employees

Maintaining strict control starting with no access even to inside folks and then providing access as necessary and required

CTO in Software, 11 - 50 employees

I like to start with this simple statement: "Assume that you have no/zero security perimeter, how do you ensure that all attack vectors are protected?" From that one architects and implements the correct set of solutions and technologies that results in what is now the ZTA buzzword/acronym

Assistant Director IT Auditor in Education, 10,001+ employees

It is like verify then trust. A lot of companies go with two factors or multi-factors authentication to control access. Almost every banks and financial companies implement two factors authentication.

VP, Technology Manager in Education, 10,001+ employees

To mean it is just a new way of saying “least privileged access”. You start with the assumption that no access is assumed and only build trust as access is authorized.

Director, Information Security Engineering and Operations in Manufacturing, 5,001 - 10,000 employees

Like many other security terms these days, it's just regurgitating old security principles and giving them new names. Zero Trust = only those who are supposed to get access... well... get access.

CTO in Education, 51 - 200 employees

In its most simplistic form Zero Trust means everything must verify prior to it connecting to the network.

Chief Techical Officer in Software, 11 - 50 employees

It means you have zero trust and always verify any access. Any access by a user must be verified using one or more means by which you have faith in authenticity of the verification method also control over it. Eg: if you use G-Suite you could force users to authenticate against their G-Suite account for access and you can control that level of access from none to root depending on the account. You can use more than one factor and also tune the validity periods etc.

When it comes down to it, you have zero trust that the person is who they say they are and enforce proof everytime.

Vice President / IT Services / Digital Workplace leader in Software, 10,001+ employees

In its simplest form, no one is trusted by default, and validation is required for anyone wanting to access services within the network

Content you might like

Does your company have a data recovery process in place?

Data & Analytics Business Intelligence Security & GRC +1 more

Yes87%

No10%

Not sure2%

771 PARTICIPANTS

2.8k views

Are you planning to improve endpoint security in the next 12 months with any of these additional capabilities?

Security & GRC Threat & Vulnerability Management Identity & Access Management (IAM)+8 more

Patch management: to reduce attack surface and avoid system misconfigurations39%

Malware and ransomware prevention: to protect endpoints from social engineering attacks58%

Malware and fileless malware detection and response: to protect against malicious software49%

Threat Hunting: to detect unknown threats that are acting or dormant in your environment and have bypassed the security controls33%

Not planning to change endpoint security strategy10%

184 PARTICIPANTS

397 views

If you had a magic wand - what's the #1 daily business challenge you'd eliminate?

People & Leadership Strategy & Architecture Cloud +57 more

CTO in Software, 201 - 500 employees

Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.

142 19 Replies

Does the risk of Ransomware and malware propagation bother you? Is IoT security a top of mind for you? To protect against many risks, we have witnessed success of micro-segmentation in the data center. Would you be willing to deploy similar solution for the campus? I am very curious to get your feedback?

Security & GRC Threat & Vulnerability Management

ISSO and Director of the IRU in Healthcare and Biotech, 10,001+ employees

I would definitely suggest this based of how you categorize your types of data/systems and information being stored in certain parts of your data center. I think it’s really dependent on the size of your organization and ...read more

How do you go about convincing your leadership/board to increase investment in security specifically for web apps? What's been effective, in your experience, for communicating why web application security is important?

Security & GRC Security Strategy & Roadmap Threat & Vulnerability Management +1 more

Chief Technology Officer in Software, 51 - 200 employees

Our webapp is using for online booking so it's critical forums to secure it. We have implement d WAF but still we wanted to implement more measures. Got the devops team working on it and now all external exposed endpoints ...read more