logo

Zero Trust

Zero Trust is one of the most widely talked about cybersecurity trends today. The world of cybersecurity has come to the conclusion that the traditional security models are insufficient. ZT is a strategy to design to prevent data breaches and stop data exfiltration.

Exploring

Zero Trust

Zero Trust is one of the most widely talked about cybersecurity trends today. The world of cybersecurity has come to the conclusion that the traditional security models are insufficient and a Zero Trust approach, which operates on the principle of 'never trust, always verify' is a reliable and robust way to conquer the current threats. CSA's mission is to create research, training,professional credentialing and provide an online center for additional curatedZero Trust resources. These tools will enable enterprises to understand and implementZero Trust principles into business planning, enterprise architectures andtechnology deployments. With the release of the Certificate of Competence in Zero Trust (CCZT),based on CSA’s Zero Trust Training (ZTT), CSA delivers the firstauthoritative, vendor-neutral Zero Trust training and certificate that providesthe knowledge needed to understand the core concepts of Zero Trust. Furtherdetails on ZeroTrust Advancement Center | CSA (cloudsecurityalliance.org)

ZT is a strategy to design to prevent data breaches* and stop data exfiltration.

Based on a formulated ZT strategy, ZT is then also considered to be a conceptual way on a tactical level. It is of importance to understand, that tactical measures are not a part of a strategy. Strategy and primarily so called Grand Strategy is the ultimate goal of an organization to achieve and shall remain the same, the Tactics on the other hand shall be defined based on Architectures and Technologies and are considered to be dynamic, will change and get better over time. Strategy, Tactics and Operations need to work together accordingly to execute Zero Trust successfully.
ZT is based on exactly nine things to do and should therefore not be overcomplicated.

Note:*Data breaches are defined in context of a data exfiltration, not as a successful attacker infiltration.

Misconceptions about ZT

- ZT is not a product
- ZT is not an identity
- ZT does not mean making the system trusted

View further details on ZT Misconceptions

Insights on "Zero" Trust

The Godfather of Zero Trust, Mr. John Kindervag, said on several encounters:
"Trust is a human emotion" - Link: Zero-Trust-Dictionary-EN.pdf (on2it.net)"People are not packets" - Link: 240411_John_Kindervag_Win_The_Cyberwar_With_Zero_Trust.pdf(sig-switzerland.ch)

Blog
Publications
Video Resources

Blog

Zero Trust

Zero Trust is one of the most widely talked about cybersecurity trends today. The world of cybersecurity has come to the conclusion that the traditional security models are insufficient. ZT is a strategy to design to prevent data breaches and stop data exfiltration.

Read More

Just a small Fairy Tale on Zero Trust

Once upon a time, in the heart of the Whispering Woods, there was a magical forest teeming with life, where a fairy named Zee and a dwarf named Ooh lived. Zee and Ooh were friends, even though they were quite different. Zee, the clever and sprightly fairy, had always been full of ideas and mischief, always on the move, learning and exploring. Ooh, the sturdy dwarf builder, was grounded and methodical and preferred a quiet life, building things.

Read More

How I passed the #CCZT Exam from #CSA - a personal Experience

#CCZT is a new and currently the only certification for #ZeroTrust from the #CloudSecurityAlliance (CSA) on the market (as far as I know). Are you considering the #CCZT #Certification?

Read More

Publications

Zero Trust Guidance for Small and Medium Size Businesses (SMBs)

This publication provides guidance for small and medium-sized businesses (SMBs) transitioning to a Zero Trust architecture
Request Download

DoD Zero Trust Strategy

This Zero Trust strategy, the first of its kind for the Department, provides the necessary guidance for advancing Zero Trust concept development; gap analysis, requirements development, implementation, execution decision-making, and ultimately procurement and deployment of required ZT capabilities and activities which will have meaningful and measurable cybersecurity impacts upon adversaries. Importantly, this document serves only as a strategy, not a solution architecture. Zero Trust Solution Architectures can and should be designed and guided by the details found within this document.
Request Download

Department of Defense (DoD) Zero Trust Reference Architecture

The DoD Cybersecurity Reference Architecture (CS RA) documents the Department’s approach to cybersecurity and is being updated to become data centric and infuse ZT principles. ZT supports the 2018 DoD Cyber Strategy, the 2019 DoD Digital Modernization Strategy, the 2021 Executive Order on Improving the Nation’s Cybersecurity, and the DoD Chief Information Officer’s (CIO) vision for creating “a more secure, coordinated, seamless, transparent, and costeffective architecture that transforms data into actionable information and ensures dependable mission execution in the face of a persistent cyber threat.” 2 ZT should be used to re-prioritize and integrate existing DoD capabilities and resources, while maintaining availability and minimizing temporal delays in authentication mechanisms, to address the DoD CIO’s vision
Request Download

NSTAC Report

In May 2021, in the aftermath of a series of significant cybersecurity incidents, the White House tasked the President’s National Security Telecommunications Advisory Committee (NSTAC) with conducting a multi-phase study on “Enhancing Internet Resilience in 2021 and Beyond.” The tasking directed NSTAC to focus on three key
Request Download

Zero Trust Architecture

This publication has been developed by NIST in accordance with its statutory responsibilities under the Federal Information Security Modernization Act (FISMA) of 2014, 44 U.S.C. § 3551 et seq., Public Law (P.L.) 113-283. NIST is responsible for developing information security standards and guidelines, including minimum requirements for federal information systems, but such standards and guidelines shall not apply to national security systems without the express approval of appropriate federal officials exercising policy authority over such systems. This guideline is consistent with the requirements of the Office of Management and Budget (OMB) Circular A-130.
Request Download

Zero Trust Maturity Model

Zero trust provides a collection of concepts and ideas designed to minimize uncertainty in enforcing accurate, least privilege per-request access decisions in information systems and services in the face of a network viewed as compromised. The goal is to prevent unauthorized access to data and services and make access control enforcement as granular as possible. Zero trust presents a shift from a location-centric model to a more data-centric approach for fine-grained security controls between users, systems, data and assets that change over time; for these reasons. This provides the visibility needed to support the development, implementation, enforcement, and evolution of security policies. More fundamentally, zero trust may require a change in an organization’s philosophy and culture around cybersecurity.
Request Download

NSA: Embracing a Zero Trust Security Model

As cybersecurity professionals defend increasingly dispersed and complex enterprise networks from sophisticated cyber threats, embracing a Zero Trust security model and the mindset necessary to deploy and operate a system engineered according to Zero Trust principles can better position them to secure sensitive data, systems, and services.
Request Download

Video Resources

Fortifying your Cloud Risk Governance Series: Defining Cloud Strategy

Published on
August 17, 2024

Fortifying your Cloud Risk Governance Series: Establishing Rock Solid Governance

Published on
August 17, 2024

Cyber Risk Management across the entire Supply Chain

Published on
August 17, 2024