Traditional security architecture focuses on how resources should be secured from the outside (external) world.
It focuses more on the periphery. Read more to find out how zero trust (with its slogan, 'Never Trust, Always Verify') is more relevant in today's constant remote-work scenarios.
Zero Trust Architecture goes beyond the periphery and covers all resources, including internally accessible ones.
Each resource is protected with access control policies, so that even internal clients need to provide keys or credentials.
In a Zero Trust environment, the slogan is 'Never Trust, Always Verify'. Before a resource is accessed, verify.
The preferred way of assigning privileges to users is 'least privilege'.
Only the access that is necessary and sufficient for a user to accomplish a task is granted, instead of a blanket set of privileges.
You may trust the device, but not the user. This is where multi-factor authentication is required.
You may trust the user, but not the device. This is where mandatory device management is required. For example, the Microsoft Intune app is installed on devices from which users try to access Microsoft enterprise resources.
Traffic analysis is necessary in the zero-trust model in order to detect anomalous behavior. If traffic patterns indicate anomalous behavior, the user or device can be blocked immediately.
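The checks described above (user verification, device management, least privilege and traffic analysis) can be combined into a single decision made on every request. The Python below is an added example, not code from the original post; the user names, resources, grant table, field names and anomaly threshold are all constructed assumptions.

```python
from dataclasses import dataclass

# Least-privilege grants: each user holds only the (resource, action) pairs
# a task needs. All names and values here are constructed for illustration.
GRANTS = {
    "alice": {("payroll-db", "read")},
    "bob": {("wiki", "read"), ("wiki", "write")},
}
ANOMALY_THRESHOLD = 0.8  # assumed cut-off for the traffic-analysis score


@dataclass(frozen=True)
class Request:
    user: str
    mfa_passed: bool        # user verified with a second factor
    device_managed: bool    # device enrolled in device management
    anomaly_score: float    # 0.0 (normal) .. 1.0 (anomalous), from traffic analysis
    resource: str
    action: str
    internal: bool = False  # network origin; deliberately ignored by decide()


def decide(req: Request) -> tuple[bool, str]:
    """Evaluate one request. Deny by default; every check must pass."""
    if req.anomaly_score >= ANOMALY_THRESHOLD:
        return False, "blocked: anomalous traffic"
    if not req.mfa_passed:
        return False, "denied: user not verified (MFA required)"
    if not req.device_managed:
        return False, "denied: device not managed"
    if (req.resource, req.action) not in GRANTS.get(req.user, set()):
        return False, "denied: no least-privilege grant"
    return True, "allowed"


if __name__ == "__main__":
    samples = [  # constructed requests
        Request("alice", True, True, 0.1, "payroll-db", "read", internal=True),
        Request("alice", True, True, 0.1, "payroll-db", "write", internal=True),
        Request("bob", False, True, 0.1, "wiki", "read", internal=True),
        Request("bob", True, False, 0.1, "wiki", "write"),
        Request("bob", True, True, 0.9, "wiki", "read"),
    ]
    for r in samples:
        print(r.user, r.resource, r.action, "->", decide(r)[1])
```

Note that `internal` never appears in `decide()`: a request from inside the network passes through exactly the same checks as one from outside.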
Originally published at: https://gansai.blogspot.com/2020/07/trending-bytes-what-is-zero-trust_31.html