Zero Trust Access
Zero Trust, or Zero Trust Access, is the term applied to the strategy which assumes that you cannot trust the individual or device until verified. The good guys, the bad guys, and all devices are the same and should not be trusted automatically. Proof of trust is verified with credentials.
The term was first coined in 1994 by Stephan Paul Marsh at the University of Stirling as part of his doctoral thesis that focused on trust. Over the next ten years, it became part of the tech vernacular as it relates to defining the perimeter of security access.
Three Principles
While implementing a zero trust strategy can happen in different ways, a zero trust architecture will always have similar elements.
- User/Application authentication – grouped together since some actions are automated
- Device authentication – consideration of access scenarios, will access be granted through a mobile phone, IoT device, different locations, etc
- Trust layers – evaluation of access based on application layers rather than overall network access
- Interaction – a way of duplicating verification through interactivity
Working together, these principles are modeled on the “never trust, always verify” foundation. And that means that even if they are connected to a corporate LAN, they need to be verified. The complexity of today’s technology landscape means that we cannot operate on any assumptions. Just because a device or login exists on a network, verification or validation should not be automatic.
Security From Start to Stop
Breach Secure Now provides MSPs with the tools to identify gaps in their client’s security programs. Additionally, our ongoing training program and other resources then mitigate the risks that are found to further prevent the likelihood of a cyber breach. Contact us today to discuss becoming a partner and learn about the resources we provide for your success!