We’re kicking off a series of blog posts on the Zero Trust model of enterprise data protection. The model is championed by Forrester Research who have published a report, The Zero Trust eXtended Ecosystem, which establishes a framework for selecting technologies that “empower and extend” Zero Trust goals.
As the posts progress, we’ll cover the essential tent poles of Zero Trust you can apply, namely:
- Security Intent
Before we get rolling, we need to clear up a common misunderstanding across some pockets of security professionals.
Microsegmentation and Zero Trust are NOT the same thing.
You will run into people who believe that, though.
Rather, microsegmentation is the architectural design that serves a Zero Trust model.
Many companies move to a microsegmentation model because they want to isolate their assets, hiding them behind microperimeters that allow for greater protection and flexibility.
They aren’t necessarily moving to that model because they want zero trust.
But microsegmentation, when done properly and combined with other factors, can create a Zero Trust environment.
In the Zero Trust model, no communication, system, user, machine or packet goes anywhere without validation. Everything and everyone must authenticate and only authorized machines and humans may pass through the network.
Imagine going to the airport and having to stop at a security protocol not just when you normally would, but when you wanted that magazine, that coffee, that delectable three-day old Danish…
… that’s Zero Trust, and you can get there with a microsegmented security infrastructure.
Hope isn’t a strategy
The biggest detractors of a microsegmentation/Zero Trust type approach speak to the potential hassle. If pre-microsegmentation you had 50 firewalls and now you have 50,000, well, that’s a little bit more Xanax every month for the people with the most responsibility for your networks.
That’s the conventional way of thinking about all this, though. You can get there.
But hope isn’t a strategy, except maybe in Disney movies about baseball.
Now you need the path.
We’ll take the first step, visibility, in our next post.