jacobZero Trust Architecture is about putting the paranoid back into data security. Every connection must be authenticated. Every access point is a potential vector for malware infection. Every fibre optic cable, off-premise data centre, or public cloud is potentially compromised. Zero Trust always assumes that someone might already be listening in on your traffic so you must act accordingly.
The most common IT security strategy known as the Layered Defense Model or Contemporary Perimeter Model and has been used in military circles for millennia under names such as ‘Defense-in-Depth‘ or ‘Castle Defense System’ and were based upon the ideas of moats and drawbridges, castle walls and turrets, which became firewalls and DMZ (Demilitarized Zones) in data security vernacular. There were always multiple layers and chokepoints to defend a castle but once within the city limits a level of trust is bestowed upon a citizen to not attack the layers of defense from within.
The battles that most notably challenged the Castle Defence System was the Trojan War of Greek Mythology. More recently: the inability of the European Union to safeguard its citizens from terrorism once an attacker passes through its border checks into the Schengen Area.
In IT Security the old days of privileged users moving freely within a secure network after passing through a checkpoint on the perimeter are being replaced with the Zero Trust philosophy that, according to Zero Trust Security – An Enterprise Guide, is built on these 5 assertions:
- The network is always assumed to be hostile.
- External and internal threats exist on the network at all times.
- Network locality is not sufficient for deciding trust in a network.
- Every device, user, and network flow is authenticated and authorized.
- Policies must be dynamic and calculated from as many sources of data as possible.
