Why adapt the Zero Trust Architecture

If you are still with me, you are either associated with a public sector agency who is under a mandate to get your systems aligned with the ZTA, or an overly cautious Security professional in the commercial sector.?

This is part IV of the ZTA series, if you have not already done so, please bookmark the series so you can get to past and future vlogs.

Nowadays, many businesses have multiple networks - some on prem and some in the cloud - as well as remote offices and workers. This has begun to stress the traditional idea of perimeter-based network security.

The biggest challenge for the CISO is that they have a lot of legacy applications that rely on the idea that everyone can be trusted. The same goes for the network, devices, and data stores.

Back in the days, I authored an article about Single Sign On and compared it to how we get authenticated at a TSA checkpoint using our State issued driving license or passports. That was a perfect example of ‘implicit trust’. We trust you because a different agency says so!

If you have traveled recently, you should have seen how the TSA is extending the paradigm further. They can pull up your boarding card with your ID. Some airports have pilot programs with facial recognition and TSA apps. These are TSA’s efforts to shift towards ZTA. They really want to get to know who you are and capture your travel itinerary based on being able to recognize you and capture your travel records from the airline in real-time!

As the ZTA matures, it is the right time to look at the gap between your infrastructure and system processes present with respect to ZTA and evolve. You can learn more about the architecture and use it to plan your short term and long-term modernization efforts and prioritize them accordingly.

As technology evolves, it is becoming possible to continually analyze and evaluate access requests in a dynamic and granular fashion to a “need to access” basis to mitigate data exposure due to compromised accounts, attackers monitoring a network, and other threats.?

Understanding the architecture will enable us to find and implement use cases to identify these vulnerabilities and implement granular solutions to achieve ZTA on a piecemeal basis.