How Zero Trust Works
To see how zero trust works in practice, consider a user trying to reach a shared web application. In a conventional, perimeter-based model, a user connecting from the corporate network, whether in the office or over a VPN, can reach the application without further verification: the assumption is that being inside the network is itself evidence of trustworthiness.
Zero trust applies a stricter protocol. Every user must prove their identity before gaining access to any application, and the application itself must check the user's credentials to confirm they actually hold the permissions the request needs, rather than inferring that from the network the request came from. As a result, even if an attacker manages to get onto the corporate network, they are still kept away from sensitive data and specific functions. The model also stresses mutual verification: the user's client authenticates the application too, for instance by validating its signed digital certificate, which reduces the risk of being steered to an impostor service that delivers malware or other attacks.
The number of distinct interactions a user has in a single day shows how broad the scope of zero trust has to be. “All requests for access [must] meet the standards of the zero trust architecture,” explains Jason Miller, founder and CEO of BitLyft, a prominent managed security services provider. “Key attributes for validation may include the user’s geographic location, identity, and the device they are using. This approach necessitates ongoing monitoring to effectively authenticate both the user and their device at all times.”
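The contrast between the two models, and the per-request attribute checks Miller lists (identity, device, location, then permission), can be made concrete in a few lines. The following is an added example written for this page, not code from the CSO Online article or from BitLyft: a toy policy decision point that evaluates each request two ways. The corporate address range, the role table, the managed-device list, the allowed countries and the sample requests are all constructed assumptions chosen to illustrate the point.

```python
"""Added example: perimeter trust versus per-request zero trust evaluation.

Everything here (network range, roles, device inventory, sample requests)
is constructed for illustration and is not taken from the article."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

# Assumed corporate network: in the perimeter model, being in this range is
# treated as proof of trustworthiness.
CORP_NET = ip_network("10.0.0.0/8")

# Assumed authorization data the application consults on every request.
ROLES = {
    "alice": {"payroll:read"},   # alice may read payroll
    "bob": {"wiki:read"},        # bob may read the wiki only
}
MANAGED_DEVICES = {"laptop-7f3a", "laptop-91c2"}   # assumed device inventory
ALLOWED_COUNTRIES = {"US", "DE"}                    # assumed location policy


@dataclass(frozen=True)
class Request:
    user: str                  # identity the caller claims
    token_valid: bool          # True only if that identity was actually proven
    device_id: Optional[str]   # device identifier presented, if any
    src_ip: str                # source address of the connection
    country: str               # geolocation of the source
    resource: str              # what is being accessed
    action: str                # what the caller wants to do with it


def perimeter_decision(req: Request) -> bool:
    """Conventional model: a request from inside the network is simply allowed."""
    return ip_address(req.src_ip) in CORP_NET


def zero_trust_decision(req: Request) -> Tuple[bool, str]:
    """Zero trust: every request is checked on identity, device, location and
    permission, regardless of which network it arrives from."""
    if not req.token_valid or req.user not in ROLES:
        return False, "identity not verified"
    if req.device_id not in MANAGED_DEVICES:
        return False, "device not recognized"
    if req.country not in ALLOWED_COUNTRIES:
        return False, "location outside policy"
    if f"{req.resource}:{req.action}" not in ROLES[req.user]:
        return False, "no permission for resource"
    return True, "allowed"


# Constructed sample requests.
ATTACKER_INSIDE = Request("mallory", False, None, "10.4.2.17", "US", "payroll", "read")
ALICE_REMOTE = Request("alice", True, "laptop-7f3a", "203.0.113.5", "DE", "payroll", "read")
ALICE_UNMANAGED = Request("alice", True, "phone-unknown", "10.1.1.1", "US", "payroll", "read")
BOB_WRONG_RESOURCE = Request("bob", True, "laptop-91c2", "10.1.1.2", "US", "payroll", "read")

if __name__ == "__main__":
    for name, req in [("attacker inside network", ATTACKER_INSIDE),
                      ("alice from home", ALICE_REMOTE),
                      ("alice on unmanaged device", ALICE_UNMANAGED),
                      ("bob asking for payroll", BOB_WRONG_RESOURCE)]:
        print(f"{name:28} perimeter={perimeter_decision(req)!s:5} "
              f"zero_trust={zero_trust_decision(req)}")
```

The first sample is the case the paragraph above describes: an intruder who has reached the corporate network is let through by the perimeter check and refused by the zero trust check because no verified identity was presented. The second shows the reverse, a legitimate user on a managed device from outside the network who is refused by the perimeter model but allowed under zero trust, because the decision rests on attributes of the request rather than its origin.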
Source: www.csoonline.com