A new framework that’s gaining ground and attention in the business world is the Zero Trust Architecture Model, or ZTA. A cloud-based solution, ZTA marries the worlds of identity-based access and network security together into one system. It will likely become the standard for business security once it takes hold.
The JD Supra website has a news story about ZTA that quotes the National Institute of Standards and Technology (NIST), which has written extensively about Zero Trust and its uses. The article talks about three different areas that give it its distinctive paradigm: verification into a network is continuously required to gain access to its resource, so therefore no person can be trusted from inside or outside a network.
Here’s a look at those three areas:
Planning industrial and enterprise workflows: In ZTA, no internal trust privileges are granted to accounts or assets in a system. This is regardless of location — either physically or on a network — as well as ownership.
Authentication and authorization: With Zero Trust, these are now performed before a session begins so a network-wide usable resource can be established. This is true for both users or specific devices in a network.
Remote locations: The whole idea behind ZTA is to give remote users access to enterprise networks for cloud-based assets that are not within the owner’s network boundaries.
So, why so stringent? The idea behind Zero Trust is to stop data breaches in the most complete way possible. As the article points out, the phrase “never trust, always verify” is a big part of the philosophy behind this idea.
In another article on Zero Trust in Forbes, the authors make the case that ZTA should help integrate cybersecurity tools more, making it easier for network and security leaders at a company to oversee what’s working.
The Forbes story also talks about NIST’s guidance publication on ZTA. Here, it states that Zero Trust isn’t meant to be “a single architecture but a set of guiding principles for workflow, system design, and operations.” That means that it can be used for new products that would have distinctive attributes for a business that needs to boost its cybersecurity.
This also includes CHIPS, which has developed our own Zero Trust endpoint protection solution, called AppGuard. We have several webinars set for the fall to demonstrate AppGuard and give more details to see if it’s a solution for you. Go to our Calendly site to see available dates and times.