Difference between revisions of "Zero Trust"
| Line 11: | Line 11: | ||
==Zero Trust Architecture== | ==Zero Trust Architecture== | ||
| − | Zero Trust Architecture (ZTA) uses zero trust principles to guide industrial and enterprise infrastructure and workflow. Authentication and authorization are discrete functions performed before a session to an enterprise resource is established. | + | Zero Trust Architecture (ZTA) uses zero trust principles to guide industrial and enterprise infrastructure and workflow. Authentication and authorization are discrete functions performed before a session to an enterprise resource is established.<ref>[https://csrc.nist.gov/publications/detail/sp/800-207/final SP 800-27, NIST]</ref> |
| + | ===Components=== | ||
| + | The following components do not make a system trusted; they work together to eliminate trust:<ref>[https://www.paloaltonetworks.com/cyberpedia/what-is-a-zero-trust-architecture What is a Zero Trust Architecture, Palo Alto Networks]</ref> | ||
| + | * Protect Surfaces generally includes the most important data, assets, applications, and services (DAAS) in an organization; | ||
| + | * Attack Surfaces; | ||
| + | * A microperimeter goes anywhere the protect surface goes; | ||
| + | * A segmentation gateway, aka a next-generation firewall, allows traffic or legitimate applications to access the protect surface; | ||
| + | * The Kipling Method defines a zero trust policy based on who, what, when, where, why, and how; and | ||
| + | * A Zero Trust policy determines who can cross the microperimeter, stops access to protect surfaces by unauthorized users, and prevents sensitive data exfiltration. | ||
==References== | ==References== | ||
[[Category:Cybersecurity]] | [[Category:Cybersecurity]] | ||
Revision as of 15:00, 10 August 2021
Zero Trust (ZT) is a set of cybersecurity paradigms that focuses on users, assets, and resources instead of static perimeters. Zero trust is a response to trends such as including remote users, bringing one's own device, and cloud-based assets not within an enterprise-owned network boundary. The network location is no longer the prime component of a resource's security.[1]
Principles
- Never trust, always verify.
- No assumptions about assets or user accounts based solely on their physical or network location or asset ownership.
- Protect resources (assets, services, workflows, and network accounts), not network segments.
- Trust is a vulnerability.
History
Zero Trust was created by John Kindervag, while he was vice president and principal analyst at Forrester Research.[2]
Zero Trust Architecture
Zero Trust Architecture (ZTA) uses zero trust principles to guide industrial and enterprise infrastructure and workflow. Authentication and authorization are discrete functions performed before a session to an enterprise resource is established.[3]
Components
The following components do not make a system trusted; they work together to eliminate trust:[4]
- Protect Surfaces generally includes the most important data, assets, applications, and services (DAAS) in an organization;
- Attack Surfaces;
- A microperimeter goes anywhere the protect surface goes;
- A segmentation gateway, aka a next-generation firewall, allows traffic or legitimate applications to access the protect surface;
- The Kipling Method defines a zero trust policy based on who, what, when, where, why, and how; and
- A Zero Trust policy determines who can cross the microperimeter, stops access to protect surfaces by unauthorized users, and prevents sensitive data exfiltration.