Think about how to eliminate trust from your network
to prepare to implement a Zero Trust strategy.
When you understand Zero Trust, you see
trust for what it is—a vulnerability that attackers exploit. Attackers
can steal credentials, spoof information in packet headers, and
even be “trusted” employees or partners. Edward Snowden was a trusted
user who had the right antivirus software and the right patch level
on his workstation. He also used Multi-Factor Authentication. But
nobody cared about where he went on the network or the packets he
generated because he was a trusted user, so he could explore the
network and find and exfiltrate sensitive data. The lesson is that
outcome of digital trust is digital betrayal; don’t trust identities, applications,
or data. When you take a Zero Trust viewpoint, you:
Align security with business functions because business
functions determine what you need to protect.
Inspect and log all packets at Layer 7 when they access a resource.
Access all resources in a secure manner regardless of location.
Apply consistent security policy in all locations.
Manage security and segmentation policy centrally.
Accommodate changes as your business changes.
Trust is a failure point you avoid by implementing a Zero Trust