5. Overview of Zero Trust
• “Zero Trust Model” was coined by Forrester Research analyst and thought-leader John Kindervag in 2010
• “never trust, always verify.”
• based on the assumption that risk is an inherent factor both inside and outside the network.
7. PLAN
1. Overview of Zero Trust
2. Why Does Zero Trust Matter?
3. Principles of Zero Trust
4. Getting Started
5. Conclusion
8. Why Does Zero Trust Matter?
• The human concept of boundaries or the perimeter
• The evolving nature of risk and threats
9. Why Does Zero Trust Matter?
The human concept of boundaries or the perimeter
10. Why Does Zero Trust Matter?
The human concept of boundaries or the perimeter
Change of tactics. Breach from the INSIDE!
11. Why Does Zero Trust Matter?
The evolving nature of risk and threats – LANDSCAPE SHIFT
12. Why Does Zero Trust Matter?
LANDSCAPE SHIFT – Information & Technology
13. Why Does Zero Trust Matter?
Business Challenges: Increased access, attack surface & gaps in visibility
15. Principles of Zero Trust
Traditional: move away from
• Assumptions
• Implicit Trust
Zero Trust: move towards
• Strong authentication
• Context
• Explicit Trust
16. Principles of Zero Trust
• Focuses on protection of data, not on attacks
• Assumes all environments are hostile and breached
• No access device until user + device is proven “trusted”
• Authorize and encrypt all transactions and flows
• All activity is logged
17. 7 Zero Trust Foundational Rules
1. All data sources and computing services are considered resources.
2. All communication is secured regardless of network location.
3. Access to individual enterprise resources is granted on a per-session basis.
4. Access to resources is determined by dynamic policy.
5. The enterprise monitors and measures the integrity and security posture of all owned and associated assets.
6. All resource authentication and authorization is dynamic and strictly enforced before access is allowed.
7. The enterprise collects as much information as possible about the current state of assets, network infrastructure and communications, and uses it to improve its security posture.
Source: NIST Special Publication (SP) 800-207 (2020), Zero Trust Architecture
18. Principles of Zero Trust
Source: NIST SP 800-207 ZERO TRUST ARCHITECTURE
19. Principles of Zero Trust
Types of Trust Algorithms
• Criteria- versus score-based
• Singular versus contextual
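Added example (not from the slides or from NIST): the four trust algorithm types named above, evaluated on the same access request. In NIST SP 800-207 terms, a criteria-based algorithm requires every listed attribute, a score-based one compares a weighted score against a per-resource threshold, a singular one judges each request alone, and a contextual one also weighs the subject's recent history. The attribute names, weights, thresholds and denial penalty are constructed assumptions.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    subject: str
    resource: str
    mfa_passed: bool
    device_managed: bool
    device_patched: bool
    usual_location: bool

# Constructed policy values (assumptions for illustration only).
REQUIRED = ("mfa_passed", "device_managed", "device_patched")
WEIGHTS = {"mfa_passed": 40, "device_managed": 30,
           "device_patched": 20, "usual_location": 10}
THRESHOLD = {"wiki": 50, "payroll": 90}   # minimum score per resource

def criteria_based(req):
    """Singular, criteria-based: every required attribute must hold."""
    return all(getattr(req, attr) for attr in REQUIRED)

def score(req):
    """Weighted confidence score, 0 to 100, from the request's attributes."""
    return sum(w for attr, w in WEIGHTS.items() if getattr(req, attr))

def score_based(req):
    """Singular, score-based: grant when the score meets the threshold."""
    return score(req) >= THRESHOLD[req.resource]

class ContextualEngine:
    """Contextual, score-based: recent denials lower the subject's score."""
    def __init__(self, window=5, penalty=15):
        self.history = defaultdict(lambda: deque(maxlen=window))
        self.penalty = penalty

    def decide(self, req):
        denials = sum(1 for ok in self.history[req.subject] if not ok)
        granted = score(req) - self.penalty * denials >= THRESHOLD[req.resource]
        self.history[req.subject].append(granted)   # every decision is recorded
        return granted

if __name__ == "__main__":
    # Constructed request: MFA done, patched, usual location, unmanaged device.
    wiki = Request("alice", "wiki", True, False, True, True)
    payroll = Request("alice", "payroll", True, False, True, True)
    print("criteria:", criteria_based(wiki), "score:", score_based(wiki))
    engine = ContextualEngine()
    for req in (wiki, payroll, payroll, wiki):
        print(req.resource, engine.decide(req))
```

The last wiki request is denied by the contextual engine even though the singular score-based check grants it, because two payroll denials sit in the subject's recent history.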
26. Conclusion
• The perimeter no longer exists
• Identity and credentials are the new perimeter
• Assume breach
• Insiders carry the greatest risk – as targets and as threats
• Start your Zero-Trust Initiative with Zero-Trust Thinking
• Automate & Orchestrate your Security Policy