How Do I Adopt a 'Zero Trust' Framework?

You can't protect what you can't see. First complete visibility to understand how everything connects and behaves, which is the cause of security gaps or broken workflows.

Once they get complete visibility, they can understand what trust and enforcement policies they need. Then they implement Zero Trust around four enforcement points (identities, devices, networks, applications, and data).

Data centres traditionally manage networks and surrounding environments by creating a "micro-boundary" in the data centre with a differential segment, meaning only pre-approved traffic flows can pass.

When building a Zero Trust Architecture, the principle is the same, but the network segment and boundary will be much smaller. Consequently, the micro-segmentation policy should be de-coupled from the existing network architecture and have the capability to scale at ease.

The allowed list is based on policy, not IP addresses.

Identity is the foundation of Zero Trust security. It means knowing where all identities originate: user identities, service accounts, application sessions, ephemeral identities, and cloud assets.

Identity-based Zero Trust continually monitors every access request made by all users to any resource in the system. It ensures a thorough audit trail for compliance.

Remote workers accessing your network increase the attack surfaces on a new scale. The security team should find ways to reduce the attack surface to minimize exposure.

Internally, a micro-segmentation approach gives a secure 1:1 connection to authorized resources.

We can also apply Zero Trust security outside the organization against external threats by:

• proactively mapping your digital footprint,
• monitoring communication channels for attack indicators,
• rapidly mitigating identified threats (including patching).

Zero Trust models include Google's BeyondCorp, Gartner's CARTA, NIST SP800–207, and ZTX by Forrester. They assume that being compromised is inevitable.

The key difference between Cybersecurity and Cyber-Resilience is the focus of response.

• In cybersecurity, we have DR/ BCP to ensure organizations can continue operations quickly. Yet, cybersecurity still focus on preventive controls.
• Achieving cyber-resilience is not the endgame. It is an endless journey. Organizations must prepare for the worst and identify vulnerabilities before adversaries.