Hacks and breaches keep happening in spite of every countermeasure, so a new security model was needed, one that limits what an attacker can do after a foothold is gained and that adapts to new devices, threats and apps. This is the ‘Zero Trust model’, a term coined by John Kindervag.
What is the ‘Zero Trust model’?
In the ‘Zero Trust security’ model, nothing is trusted by default, whether it sits inside the network or outside it. “Never trust, always verify” is its motto. It is the opposite of the ‘castle and moat’ approach to cyber security. In the ‘castle and moat’ approach, getting into the network is hard, but once a user is inside, they can reach all the network resources and machines. Now imagine a hacker who gets inside the network: he has a free hand to reach resources, machines and passwords, and to move from one machine to the next. This is exactly what the ‘Zero Trust model’ seeks to prevent.
The ‘Zero Trust’ model is not a single product or control that can be switched on right away. It is a holistic concept that has to be adopted at every level of the organization and by everybody.
How is it adopted?
- Each user is given access only to the resources they need; access to anything else is granted only when it is absolutely required. As an example, employee ‘A’ is given permission to access only server ‘A’ and not server ‘B’ (least privileged access).
- Every access to a resource is verified on its own; being logged in once does not carry over to the next resource. As an example, employee ‘A’ is authenticated before accessing server ‘A’ and is asked to authenticate again when accessing server ‘C’, even though he has permission for it as well (repeated authentication).
- The network is always assumed to be under threat, so it is split into segments, and a user or machine in one segment cannot freely reach another (network segmentation). This limits how far an attacker can move after getting in.
- Endpoints in the network are secured, and a device’s state is checked before it is allowed to reach a resource.
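The difference between the two models, as an added illustration that is not code from the original post: a toy policy engine that decides the same access requests first the ‘castle and moat’ way (trust anything already inside the network) and then the Zero Trust way (verify identity, second factor, device state, least-privilege grant and segment on every request). The users, servers, segments, device signals and requests are constructed sample data; the grant table and the allowed-source table are assumptions made for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Device:
    device_id: str
    managed: bool          # enrolled in endpoint management (assumed posture signal)
    disk_encrypted: bool
    patched: bool


@dataclass(frozen=True)
class Request:
    user: str
    device: Device
    resource: str
    source_segment: str    # network segment the request originates from
    authenticated: bool    # a valid primary credential was presented
    mfa_verified: bool     # a second factor was checked for *this* request


# Least privilege: each user is granted only the resources they need (assumed data).
GRANTS = {
    "employee_a": {"server_a", "server_c"},
    "employee_b": {"server_b"},
}

# Segmentation: each resource accepts requests only from the listed segments.
# No server-to-server path exists, which is what blocks lateral movement.
ALLOWED_SOURCES = {
    "server_a": {"workstations"},
    "server_b": {"workstations"},
    "server_c": {"workstations"},
}


def castle_and_moat(req: Request) -> bool:
    """Perimeter model: anything already inside the network is trusted."""
    return req.source_segment != "internet"


def device_healthy(dev: Device) -> bool:
    """Endpoint check; all three signals are required."""
    return dev.managed and dev.disk_encrypted and dev.patched


def zero_trust(req: Request) -> tuple[bool, str]:
    """Verify every request on its own; there is no 'inside' that is trusted."""
    if not req.authenticated:
        return False, "not authenticated"
    if not req.mfa_verified:
        return False, "second factor not verified for this request"
    if not device_healthy(req.device):
        return False, "endpoint fails posture policy"
    if req.resource not in GRANTS.get(req.user, set()):
        return False, "no grant for this resource (least privilege)"
    if req.source_segment not in ALLOWED_SOURCES.get(req.resource, set()):
        return False, "source segment may not reach this resource (segmentation)"
    return True, "allowed"


# Constructed scenario: a healthy laptop and one that missed its patches.
LAPTOP = Device("lt-001", managed=True, disk_encrypted=True, patched=True)
STALE_LAPTOP = Device("lt-002", managed=True, disk_encrypted=True, patched=False)

SCENARIO = {
    # employee A doing exactly what they are allowed to do
    "a_to_server_a": Request("employee_a", LAPTOP, "server_a", "workstations", True, True),
    # same user, a server they were never granted
    "a_to_server_b": Request("employee_a", LAPTOP, "server_b", "workstations", True, True),
    # attacker on server_a reuses A's session to pivot to server_c; even with a
    # fresh second factor in hand, the server segment has no path to server_c
    "pivot_a_to_c": Request("employee_a", LAPTOP, "server_c", "servers", True, True),
    # right user and grant, but the endpoint is out of policy
    "a_stale_device": Request("employee_a", STALE_LAPTOP, "server_a", "workstations", True, True),
}


def compare_models() -> dict[str, tuple[bool, bool, str]]:
    """For each request: (castle-and-moat verdict, zero-trust verdict, reason)."""
    out = {}
    for name, req in SCENARIO.items():
        zt_ok, reason = zero_trust(req)
        out[name] = (castle_and_moat(req), zt_ok, reason)
    return out


if __name__ == "__main__":
    for name, (moat, zt, why) in compare_models().items():
        print(f"{name:16} castle-and-moat={moat!s:5} zero-trust={zt!s:5} ({why})")
```

Running the block shows the point of the post in one table: the perimeter model says yes to every request that is already inside, including the pivot from server ‘A’ to server ‘C’, while the Zero Trust checks let through only the one request where identity, second factor, device, grant and segment all line up.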
This is a brief overview of the ‘Zero Trust security model’. I have written a detailed post here.
This makes sense. Thanks for introducing another concept.
Deepika Sharma
I am happy, Deepika.
I have tried to simplify it as much as possible.
Yes, even I heard about this concept, but never got to know so many details.
Nice post!!