Why Zero Trust Is Not As Bad As It Sounds

by Patrick Knight | Mar 01, 2018

What is Zero Trust?
“Zero Trust” refers to a network security strategy that calls for all users – internal and external – to be authenticated before gaining access to the network. Zero Trust means organizations never implicitly trust anyone with their sensitive data. Instead of using a blanket network perimeter, Zero Trust networks implement a series of micro-perimeters around data so only users with clearance to access certain data points can get to them.

It essentially makes sure that users are given the least amount of access possible to still achieve what they need and are supposed to. Zero Trust also means logging all traffic, internal and external, to look for suspicious activity and weak points.

Why are companies adopting Zero Trust?
Security breaches are getting more common and more expensive – despite increased security budgets. Zero Trust is more than a software platform; it’s an attitude about users and data. Rather than trusting internal network users and focusing on external hackers, organizations are wising up to the reality of malicious insiders and the need to play it safe by protecting information from all users.

Security strategies are becoming an important part of the business conversation, and new measures and attitudes are being introduced. In an interview with CSO, Chase Cunningham from the firm who coined the term “Zero Trust,” says that many companies are undergoing a digital transformation. As you move to the cloud, “there’s where you start your Zero Trust journey.”

Zero Trust isn’t as harsh as it sounds
The Zero Trust strategy isn’t saying, “no user is safe, ever.” Obviously companies can’t function with that mindset. Rather, it means that when it comes to sensitive data, people should have to prove they are authorized to see it before they’re granted access.

60% of network attacks are by insiders – three-quarters of which are done with malicious intent. If the majority of network attacks are done by people who are traditionally trusted network users, why not start putting some restrictions on their access? That’s all Zero Trust says to do. It prioritizes privacy by making sure sensitive data is only accessed on a need-to-know basis.