A zero trust (ZT) strategy enables an organization to validate access and authorization each time a human or non-human (“carbon or non-carbon based”) user requests access to an asset. Conceptually, ZT represents a departure from perimeter-based security, which is poorly suited to an era in which cloud, mobility, and extended supply chain interdependencies obviate the “castle and moat” precept, and in which the ability to identify and protect intellectual property (IP) is critical to maintaining competitiveness in a digital business world.
CISOs must integrate zero trust principles into the business’s IT, security, governance, risk, compliance, and privacy strategies. With cloud and mobility integrated into every IT environment, it is not feasible to pursue a security strategy based on a defined perimeter. Zero trust addresses multiple CISO objectives. These include:
- Defining an incremental, continuous improvement path.
- Dealing with the need to limit intrusions and the “blast radius” from exploits.
- Enabling the CISO to adopt a proactive approach rather than continuously responding to threats.
Zero trust is not a technology and can’t be achieved by deploying a specific product. It requires coordination across all areas of the enterprise, including security and business processes, as well as security within and across the six ZT technology pillars: identity, devices, network, infrastructure, applications, and data.
See the Stratascale Executive Guide to Zero Trust report, “Defining Zero Trust.”