Forrester Research reported that 80 percent of data breaches are initiated using privileged credentials, and that 66 percent of organizations still rely on manual methods to manage privileged accounts.
Organizations must discard the old model of ‘trust but verify’, which relied on well-defined boundaries. The new model of ‘Zero Trust’ mandates a ‘never trust, always verify, enforce least privilege’ approach to access from both inside and outside the network.
Conventional security models operate on the outdated assumption that everything inside an organization’s network can be trusted. But given increased attack sophistication and insider threats, new security measures are needed to stop threats from spreading once they are inside. Because traditional security models are designed to protect the perimeter, threats that get inside the network are left invisible and uninspected, free to morph and move wherever they choose to extract sensitive and valuable data.
Another principle of Zero Trust security is least-privilege access. This means giving users only as much access as they need. Zero Trust security also utilizes microsegmentation. Microsegmentation is the practice of breaking up security perimeters into small zones to maintain separate access for separate parts of the network.
Multi-factor authentication (MFA) is also a core value of Zero Trust security. MFA simply means requiring more than one piece of evidence to authenticate a user. Beyond a password, the second factor for authentication is typically based on something the user is (fingerprint, eye scan, etc.), something the user knows (mother’s maiden name, PIN, etc.), or something the user has (cell phone, key fob, etc.).
In addition to controls on user access, Zero Trust also requires strict controls on device access. Zero Trust systems need to monitor how many different devices are trying to access their network and ensure that every device is authorized. This further minimizes the attack surface of the network.
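The controls described above (least privilege, microsegmentation, MFA and device authorization) can be combined into one default-deny access decision that ignores whether the request comes from inside the network. The following Python example is added here and is not from the original article; every user, role, device and segment name in it is constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample policy data (all names are hypothetical).
USER_ROLES = {"alice": "hr-analyst", "bob": "dba"}
# Least privilege: each role lists only the (segment, action) pairs it needs.
# Each segment name stands for one microsegmentation zone.
ROLE_GRANTS = {
    "hr-analyst": {("hr-db", "read")},
    "dba": {("hr-db", "read"), ("hr-db", "write"), ("billing-db", "read")},
}
# Device control: only enrolled devices are accepted, each bound to one user.
AUTHORIZED_DEVICES = {"laptop-0012": "alice", "laptop-0047": "bob"}
KNOWN_FACTORS = {"password", "pin", "fingerprint", "keyfob", "phone"}


@dataclass(frozen=True)
class Request:
    user: str
    device_id: str
    verified_factors: frozenset  # factors already verified upstream
    segment: str
    action: str
    on_internal_network: bool    # recorded, but never used to grant access


def decide(req: Request) -> tuple[bool, str]:
    """Default deny: every check must pass, wherever the request comes from."""
    role = USER_ROLES.get(req.user)
    if role is None:
        return False, "unknown user"
    if AUTHORIZED_DEVICES.get(req.device_id) != req.user:
        return False, "device not authorized for this user"
    # MFA as the text defines it: more than one piece of evidence.
    if len(req.verified_factors & KNOWN_FACTORS) < 2:
        return False, "fewer than two verified factors"
    if (req.segment, req.action) not in ROLE_GRANTS.get(role, set()):
        return False, "role has no grant for this segment and action"
    return True, "allowed"


if __name__ == "__main__":
    two = frozenset({"password", "keyfob"})
    samples = [
        Request("alice", "laptop-0012", two, "hr-db", "read", False),
        Request("alice", "laptop-0012", frozenset({"password"}), "hr-db", "read", True),
        Request("alice", "laptop-0012", two, "billing-db", "read", True),
        Request("alice", "laptop-0047", two, "hr-db", "read", True),
    ]
    for r in samples:
        print(r.user, r.device_id, r.segment, r.action, "->", decide(r))
```
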