What is Zero Trust?
Zero Trust seems to be everywhere at the moment, in fact our CTO recently wrote about the importance of Zero Trust as a defence against cyber crime in Northern Insight. But what is ‘Zero Trust’ and why the hype?
Most frequently credited to John Kindervag’s 2009 research for Forrester, the Zero Trust cybersecurity model promotes a ‘verification always’ ethos. Since its original conception, many technological leaders, from Microsoft to the National Cyber Security Centre, have cultivated individual variations of the Zero Trust model. However, these models always promote verification over trust, staying true to the heart of the Zero Trust concept.
Microsoft’s Zero Trust Model operates under three key principles: verify explicitly, use least privileged access, and assume breach. Their business plan promotes starting small, taking simple but proactive steps to improve your cyber security across a multiyear plan, keeping security improvements affordable and achievable. The end goal can be customised to suit your needs dependent on your organisation’s goals and risk level, but ultimately the steps will work to build a solution that always authenticates, authorises, and encrypts to ensure secure cloud working.