What is Zero Trust Architecture
This is part III of the ZTA series, if you have not already done so, please bookmark the series so you can get to past and future vlogs.
An operative definition of zero trust and zero trust architecture is as follows:?
Zero Trust is?
based on an acknowledgement that threats exist both inside and outside traditional network boundaries.?
Zero Trust repeatedly questions the premise that users, devices, and network components should be implicitly trusted based on their location within the network.?
In other words, Zero Trust provides the constructs on which the Zero Trust Architecture builds on, and formalizes the basic building blocks.??
领英推荐
Zero Trust embeds?
This security model bases decisions on who can access what resources on data. This allows the concept of least privileged access to be applied to make sure that only those who need access get it. Answers to questions like who, what, when, where, and how are important in making these decisions.
Zero trust architecture (ZTA) is an enterprise’s cybersecurity plan that utilizes zero trust concepts and encompasses component relationships, workflow planning, and access policies. Therefore, a zero trust enterprise is the network infrastructure (physical and virtual) and operational policies that are in place for an enterprise as a product of a zero trust architecture plan.
The ZT security model assumes that an attacker is present in the environment. The enterprise must not trust anyone implicitly and must continuously evaluate the risks to its assets and business functions. It can do this by using proper access management controls, which will help minimize access to resources and strengthen authentication and authorization of identity and security posture for each access request.
Simply put, ZTA uses the ability of the system to allow or deny a session between the actor/user of the system and the data by way of a device/network/application.