You can't protect what you can't see. First complete visibility to understand how everything connects and behaves, which is the cause of security gaps or broken workflows. Once they get complete visibility, they can understand what trust and enforcement policies they need. Then they implement Zero Trust around four enforcement points (identities, devices, networks, applications, and data).

Maximizing Visibility

It's normal to start risk assessment with attack surface analysis. For example, security professionals look at where the perimeter is, how someone might break in and what method they might use. With Zero Trust, it is different. The highest value and highest risk users and assets are recommended starting from the data and applications. Consequently, the protective surface is smaller than the attack perimeter and easier to defend. Prioritise what to protect based on what's critical, then move to the next set of protection surfaces on the priority list.

Understand the protection surface

Data centres traditionally manage networks and surrounding environments by creating a "micro-boundary" in the data centre with a differential segment, meaning only pre-approved traffic flows can pass. When building a Zero Trust Architecture, the principle is the same, but the network segment and boundary will be much smaller. Consequently, the micro-segmentation policy should be de-coupled from the existing network architecture and have the capability to scale at ease. The allowed list is based on policy, not IP addresses.

 Building The New Boundary - Micro-segmentation

Remote workers accessing your network increase the attack surfaces on a new scale. The security team should find ways to reduce the attack surface to minimize exposure. Internally, a micro-segmentation approach gives a secure 1:1 connection to authorized resources. We can also apply Zero Trust security outside the organization against external threats by:<ul><li>proactively mapping your digital footprint,</li><li>monitoring communication channels for attack indicators,</li><li>rapidly mitigating identified threats (including patching).</li></ul>

Reducing Attack Surface

Identity is the foundation of Zero Trust security. It means knowing where all identities originate: user identities, service accounts, application sessions, ephemeral identities, and cloud assets. Identity-based Zero Trust continually monitors every access request made by all users to any resource in the system. It ensures a thorough audit trail for compliance.

Aligning Identities

<ul><li>According to a recent survey conducted by iSMG, 100% of the respondents said that Zero Trust is critical to reducing their cybersecurity risk.</li><li>46% said Zero Trust is the most crucial security practice.</li><li>Another survey by Forrester showed that 78% of security executives plan to raise their use of Zero Trust in 2022.</li></ul> However, there's an execution problem with Zero Trust.<ul><li>Forrester's survey reports full deployment of Zero Trust at only 6%.</li><li>30% said Zero Trust is in partial deployment or production,</li><li>and 63% are in assessment, strategy or pilot phases.</li></ul> As a result, many are just planning, not executing.

Approach Cybersecurity with Zero Trust Strategies

Zero Trust models include Google's <a href="https://cloud.google.com/beyondcorp?ref=hackernoon.com">BeyondCorp</a>, Gartner's <a href="https://www.gartner.com/en/webinars/3891406/the-7-imperatives-of-continuous-adaptive-risk-and-trust-assessme?ref=hackernoon.com">CARTA</a>, NIST <a href="https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-207.pdf?ref=hackernoon.com">SP800–207</a>, and <a href="https://www.forrester.com/blogs/tag/ztx/?ref=hackernoon.com">ZTX </a>by Forrester. They assume that being compromised is inevitable. The key difference between Cybersecurity and Cyber-Resilience is the focus of response.<ul><li>In cybersecurity, we have DR/ BCP to ensure organizations can continue operations quickly. Yet, cybersecurity still focus on preventive controls.</li><li>Achieving cyber-resilience is not the endgame. It is an endless journey. Organizations must prepare for the worst and identify vulnerabilities before adversaries.</li></ul>

Cybersecurity vs. Cyber-Resilience

With cybersecurity, the question is no longer only how to keep bad players out. Instead, the priority is how to recover as quickly as possible once an attack occurs.

With increased attack surfaces caused by businesses migrating to the cloud and remote workers, Zero Trust has become cybersecurity's most valuable thing.