Zero trust, originally coined from a security analyst at Forrester Research, is a security concept unique in the way it looks at internal network security. The assumption that internal security is typically, if not always, secure/trusted and that any threat would come from the outside is not zero trust. As a matter of fact zero trust is just the opposite. Verify anything and everything internally and externally.
In other words a strictly perimeter security approach is not enough especially since the perimeter really isn’t all that well defined anymore with cloud data and users with multiple devices and locations muddying the water even more.
Food and Beverage needs a new security concept?
It’s a ransomware thing. “The higher the expectation for service reliability, quality and trust, the more likely the business will be a target of the attack. For these companies the impact due to loss of revenue and reputation is much greater than the payout. They also have the working capital to pay the ransom. Utilities, oil and gas operators, pipelines, chemical manufacturing, and the food and beverage industry are prime targets” – Duncan Greatwood, CEO of Xage, a zero-trust security company.
Zero trust snapshot.
1. The zero trust approach expects enterprises to leverage micro-segmentation and also a much more granular perimeter enforcement. This is typically based on users, their locations and other data to determine whether to trust a user seeking access to a specific part of an enterprise.
2. Zero trust draws on technologies such as: multi-factor authentication, IAM, orchestration, analytics, encryption, scoring and file system permissions. It also sets policies such as giving users the least amount of access they need to accomplish a specific task for example.
3. Push Notification Authentication is also a key element to consider. It enables a user authentication by sending a push notification directly to a secure application on the user’s device, This then will alert them that an authentication attempt is taking place. Users can then view authentication details and approve or deny access.
While I have only touched on a few of the items zero trust could encompass, understanding and implementing this kind of security concept can be critical for any business targeted by hackers. Some of my current clients would have possibly been better served with this security concept as they were hacked which was devastating to production and their bottom line.