Zero Trust – a new approach to IT security
Feel free to contact med if you want to hear more
A Zero Trust architecture moves the focus away from perimeter security to dynamic protection of users, assets and resources
Companies should not have blind faith in user enquiries based on network connections or physical location. They should instead act as an IT security secret agent – trust no one, suspect everyone. The Zero Trust concept is gaining traction across the world because it is a security architecture that suits our time. With more and more mobile employees and hybrid workplaces, we need a security paradigm that can handle the increased flexibility of today’s work life.
The traditional, static perimeter principle built around a physical ring wall is antiquated. Modern work life calls for a new security paradigm suited to today’s flexible work and different user preferences of working anytime and anywhere. Maximum user freedom under maximum company control is in fact the basis of the Zero Trust security architecture that was developed by the American organisation National Institute of Standards and Technology (NIST).
What is Zero Trust?
The Zero Trust concept is a set of coherent security principles that continuously control the users and the devices that are trying to access company data. Access in the Zero Trust environment is not just granted based on one condition, such as network location, but is continuously evaluated along with different elements, the most important of which are identity, access wanted, device used, and where the data is stored.
Modern companies should support cross-sectional and limitless data exchange. But the data exchange should be monitored every second so that hackers are not let in, and valued information is not let out.
Coherent security principles in the Zero Trust concept
The coherent security principles in the concept are based on several pillars:
Identity and Access Management (IAM)
Zero Trust based Identity and Access Management is about monitoring which users have access to which systems, applications, resources and data. It is not a static picture, but a dynamic function of identity, time, place and device in the Zero Trust architecture.
Endpoint security in the Zero Trust architecture provides the opportunity to define several parameters that make the interface between company data and devices more secure. For example, mobile devices that are no longer supported should not have access to data and systems.
Data and Information Protection
The Zero Trust elements that involve data and information security can be boiled down to four steps and supported with specific tools, so that companies can keep a close eye on how business data is generated and shared across users, devices and systems.
A pragmatic approach to the security paradigm
At Globeteam, we implement the Zero Trust principles that, based on different considerations, make the most sense to the individual company. Often, we can get far with the solutions that already exist just by changing the settings.
Our pragmatic approach to the security paradigm follows the same logic as Globeteam’s other services within cyber security. We stay away from promises to fix everything just by implementing new products or new processes. We start in the corner of the business where security takes up the most space and then we slowly work from there.