Page 150 - Cyber Defense eMagazine August 2024
Improved Remote Workforce Security: Traditional network security is insufficient to secure a proliferating
remote-work culture. Zero Trust can provide an advanced level of security for access requirements
irrespective of user location.
Protection from Insider Threat: As Zero Trust doesn't trust even internal users by default, it minimizes
the potential for insiders to carry out malicious activities, deliberately or inadvertently.
Curtail Blast Radius: Even with strong security defenses, breaches may occur. With Zero Trust, the
compromise can be significantly reduced by blocking the attacker's lateral movement.
Regulatory and Compliance Requirements: Organizations may have several security obligations
under the regulations and compliance regimes applicable to them, most of which mandate strong access
controls and data protection. As Zero Trust implies no implicit trust and continuous verification, it can be a
significant constituent in meeting the relevant security requirements.
4. Key Pillars of Zero Trust
There are 5 key pillars of Zero Trust as described by CISA (Cybersecurity and Infrastructure Agency) of
the USA in its publication, Zero Trust Maturity Model [2], initially released in September 2021 and updated in
version 2.0 of the publication, released in April 2023.
Identity: The foundation pillar, ensuring only authorized users and devices can access corporate
resources. Identity verification, multi-factor authentication (MFA), role-based access control (RBAC), and
identity risk assessment are key IAM tools.
Device Security: To achieve and maintain a high degree of Zero Trust, it is imperative for organizations to
ensure that the devices connecting to corporate resources are secured in terms of compliance with
security standards/policy, threat detection and prevention, management of devices, inventory control,
posture assessment, and risk management.
Networks: The fewer the implicitly trusted network segments, the higher the maturity of Zero Trust in the
networking parameter. The maturity level can be assessed by progressing through the ordered implementation
of macro-segmentation, network resiliency, data encryption, dynamic network configurations, risk-aware
network access/network access control, and micro-segmentation.
Application and Workloads: This pillar covers Zero Trust in terms of security-integrated hosting
of, and access to, applications. Security methodologies such as separate production and non-production
environments, static and dynamic security testing, CI/CD pipelines for formal code deployment,
integrated threat protection in application workflows, application availability in public networks with
continuously authorized access, and immutable workloads determine the maturity of Zero Trust in the
realm of applications and system workloads.
Data: Probably the most crucial asset of your organization. Implementation of key data security controls
such as minimal to full encryption of data, manual to automated inventory and categorization of data,
redundant data stores, DLP implementation, data labelling, and dynamic access controls can determine
the maturity of Zero Trust in the data security of the organization.
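To make the Identity, Device Security and Data pillars concrete, the following is an added example (not from the article or from CISA) of a deny-by-default access decision that checks MFA, device posture, role entitlement against a data label, and identity risk on every request, and never consults network location. The role names, labels, risk scale and the halved risk limit for sensitive labels are assumptions made for illustration.

```python
from dataclasses import dataclass, replace

# Constructed policy for illustration: highest data label each role may read.
LABEL_RANK = {"public": 0, "internal": 1, "confidential": 2, "restricted": 3}
ROLE_MAX_LABEL = {"analyst": "internal", "finance": "confidential", "admin": "restricted"}

@dataclass(frozen=True)
class AccessRequest:
    user: str
    role: str
    mfa_passed: bool
    identity_risk: int       # 0 (low) to 100 (high), from an assumed risk engine
    device_compliant: bool   # assumed result of a device posture assessment
    source_network: str      # "corporate" or "internet"; logged, never trusted
    data_label: str

def decide(req, base_risk_limit=70):
    """Deny by default: every pillar check must pass on every request."""
    reasons = []
    if not req.mfa_passed:
        reasons.append("identity: MFA not satisfied")
    if not req.device_compliant:
        reasons.append("device: posture check failed")
    max_label = ROLE_MAX_LABEL.get(req.role)
    if max_label is None or req.data_label not in LABEL_RANK:
        reasons.append("data: unknown role or label")
        return False, reasons
    rank = LABEL_RANK[req.data_label]
    if rank > LABEL_RANK[max_label]:
        reasons.append("data: label exceeds role entitlement")
    # Dynamic control (assumed rule): sensitive labels tolerate half the risk.
    limit = base_risk_limit // 2 if rank >= 2 else base_risk_limit
    if req.identity_risk >= limit:
        reasons.append("identity: risk score too high for this label")
    # source_network is intentionally not consulted: location grants nothing.
    return not reasons, reasons

def demo():
    # Constructed sample requests: remote user, on-network insider, elevated risk.
    remote = AccessRequest("alice", "finance", True, 10, True, "internet", "confidential")
    insider = replace(remote, user="bob", mfa_passed=False, source_network="corporate")
    risky = replace(remote, identity_risk=40)
    return [decide(r) for r in (remote, insider, risky)]

if __name__ == "__main__":
    for allowed, why in demo():
        print("ALLOW" if allowed else "DENY", why)
```

The on-network insider without MFA is denied while the fully verified remote user is allowed, which is the "irrespective of user location" property described earlier on the page.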
Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.