Top fallacies and facts about zero trust security

Given how much attention zero trust security is getting these days, you may think it’s a new concept. But it was back in 2010 that John Kindervag of Forrester Research first coined the term “zero trust” to describe a security model built on one simple rule: “Trust no one.”

Ironically, it’s the simplicity of that rule that has spawned so much confusion about what zero trust is and how it works. With zero trust, a person or device must be controlled, authenticated, and authorized all the time. People and devices are not trusted even when they are already inside a system, and every request has to be verified, every time.

Along with the recent surge in interest in zero trust are many misconceptions about it. Let’s tackle the most common of them.

Fallacy #1: Zero trust means endless logins

Yes, zero trust dictates that users are authenticated every time they do or access anything. No, it doesn’t mean there’s a login page and password every step of the way — that’s an incorrect application of zero trust, and it’ll definitely lead to user dissatisfaction, lower productivity, and reduced agility.

Instead, access is granted using a combination of risk-based authentication, machine learning, and user behavior analysis. Simply put, there is a system in place that authenticates users many times, but these checks are done behind the scenes so that users are not bothered at each and every step.

Fallacy #2: Achieving zero trust is harder in the cloud

This fallacy stems from the persistent misconception that security is more difficult in the cloud. The truth is that almost all data breaches involving the cloud actually occurred at the hands of end users, with mismanaged access rights being the most common issue.

In fact, the best time to deploy an efficient zero trust model is during cloud deployment and migration. It’s the perfect opportunity to put multiple security barriers in place; in turn, these security checks will reduce mismanagement of access rights.

Fallacy #3: Zero trust security is focused on the user

It’s not true that zero trust applies only to outside users who need access to your system. With zero trust, even your employees shouldn’t be trusted when accessing your network. Zero trust is applied to outsiders and insiders alike, since even your most loyal employees can make a mistake that inadvertently creates a data breach — for example, leaving their laptop unattended in a public space, like a coffee shop, while they’re logged on to your system.

However, the statement “Your employees shouldn’t be trusted” needs further elaboration.

Fallacy #4: With zero trust, you don’t trust your employees

All employees start from the same zero trust baseline. This means that every staff member, regardless of position, is equally a potential vulnerability to your network.

However, an employee can become more trusted, and their access rights increased, based on their earned confidence level. An AI algorithm analyzes and assesses many contextual data points, such as time of day, location, device used, job responsibilities, and user behavior, among others. Based on those data points, it measures the level of confidence — be it low, medium, or high — then allows (or rejects) access requests accordingly.

An employee’s confidence level is never constant. It’s always based on the context surrounding the employee’s request for access.
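As an added illustration (not code from this article or from Online Computers), here is a simple rule-based scorer standing in for the AI algorithm described above: it folds the contextual data points the text lists into a low, medium, or high confidence level and compares that against the level a resource demands. The point values, the `required_level` policy attribute, and the sample requests are assumptions constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class AccessRequest:
    user: str
    resource: str
    required_level: str        # minimum confidence the resource demands (assumed policy attribute)
    device_managed: bool       # device used: company-managed or not
    known_location: bool       # location: seen before for this user or not
    hour: int                  # time of day, local 0-23
    role_matches: bool         # job responsibilities cover this resource
    behavior_anomalies: int    # user behavior: unusual actions seen recently


LEVELS = ("low", "medium", "high")


def confidence_level(req: AccessRequest) -> str:
    """Fold contextual signals into one of three confidence levels (assumed weights)."""
    score = 0
    score += 2 if req.device_managed else 0
    score += 1 if req.known_location else 0
    score += 1 if 7 <= req.hour <= 19 else 0
    score += 2 if req.role_matches else 0
    score -= req.behavior_anomalies          # anomalies pull confidence down
    if score >= 5:
        return "high"
    if score >= 3:
        return "medium"
    return "low"


def decide(req: AccessRequest) -> str:
    """Allow only when the earned confidence meets the resource's required level."""
    have = LEVELS.index(confidence_level(req))
    need = LEVELS.index(req.required_level)
    return "allow" if have >= need else "deny"


# Constructed samples: the same employee asking for the same resource in two contexts.
OFFICE = AccessRequest("alice", "payroll-db", "high", device_managed=True,
                       known_location=True, hour=10, role_matches=True, behavior_anomalies=0)
COFFEE_SHOP = AccessRequest("alice", "payroll-db", "high", device_managed=False,
                            known_location=False, hour=23, role_matches=True, behavior_anomalies=1)

if __name__ == "__main__":
    for req in (OFFICE, COFFEE_SHOP):
        print(req.resource, confidence_level(req), decide(req))
```

The same user is allowed from the office and denied from the coffee shop without any change to her account, which is the "never constant" confidence level the section describes.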

Fallacy #5: Zero trust is a ploy to sell cybersecurity software and services

Some people may shrug off zero trust as just a hot buzz phrase of the moment. But security experts now agree that many of the data breaches and cyber break-ins of the past were due to weak, stolen, or compromised credentials. Zero trust security is the remedy to outmoded security strategies and should put an end to the era of implicit trust.

Of course, implementing a zero trust network requires appropriate software and experienced service. If you want to go zero trust, then you need to trust our security experts at Online Computers. We’ll assess your business needs and provide you with a holistic approach to your cybersecurity. If your business is in Hanover, Morristown, or Madison, and you need IT infrastructure and cybersecurity that can keep out today’s numerous threats, contact us today.
