A popular sci-fi show from the 1990s, The X-Files, had a tag line that is very relevant in today's society: "Trust no one." In our working and personal lives, this is a valuable security stance to adopt when we are online. However, trust does play a role in establishing an individual's identity and granting access to applications and data so they can do their job.
With remote working becoming the norm, this is adding a dimension to the access model. An organization's risk profile is also changing as we open more critical systems and data to remote working. The organizational perimeter is now significantly wider; multiple ISPs, Wi-Fi hot spots, home routers and endless bring-your-own-device choices make identifying the end user difficult.
So how do we deal with identifying our remote workers, ensuring they are who they say they are, giving them the right access to required systems and data, and ensuring they are working in a compliant way? Enter the zero trust security model.
The term "zero trust" was first introduced by an analyst at Forrester Research Inc. in 2010. A zero trust design removes the idea of a trusted network inside a defined corporate perimeter. At a practical level, according to the National Cybersecurity Center of Excellence, "a zero trust architecture treats all users as potential threats and prevents access to data and resources until the users can be properly authenticated."
Read more at: Forbes