Zero Trust : How to Get Started

1. 1.Overview of Zero Trust 2.Why Does Zero Trust Matter? 3.Principles of Zero Trust 4.Getting Started 5.Conclusion PLAN

2. Trust: Human interactions are guided by the concept of trust Overview of Zero Trust

3. Trust but verify.

4. Overview of Zero Trust • “Zero Trust Model” was coined by Forrester Research analyst and thought-leader John Kindervag in 2010 • “never trust, always verify.” • based on the assumption that risk is an inherent factor both inside and outside the network.

5. Overview of Zero Trust

7. Why Does Zero Trust Matter? • The human concept of boundaries or the perimeter • The evolving nature of risk and threats

8. Why Does Zero Trust Matter? The human concept of boundaries or the perimeter

9. Why Does Zero Trust Matter? The human concept of boundaries or the perimeter Change of tactics. Breach from the INSIDE!

10. Why Does Zero Trust Matter? The evolving nature of risk and threats – LANDSCAPE SHIFT

11. Why Does Zero Trust Matter? LANDSCAPE SHIFT – Information & Technology

12. Why Does Zero Trust Matter? Business Challenges: Increased access, attack surface & gaps in visibility

14. Principles of Zero Trust Traditional Zero Trust Move away from • Assumptions • Implicit Trust Move towards • Strong authentication • Context • Explicit Trust

15. Principles of Zero Trust Focuses on protection of data, not on attacks Assumes all environments are hostile and breached No access device until user + device is proven “trusted” Authorize and encrypt all transactions and flows All activity is logged

16. 7 Zero Trust Foundational Rules 1. All data sources and computing services are considered resources. 2. All communication is secured regardless of network location. 3. Access to individual enterprise resources is granted on a per-session basis. 4. Access to resources is determined by dynamic policy. 5. The enterprise monitors and measures the integrity and security posture of all owned and associated assets. 6. All resource authentication and authorization is dynamic and strictly enforced before access is allowed. 7. The enterprise collects as much information as possible about the current state of assets, network infrastructure and communications, and uses it to improve its security posture. Source: NIST Special Publication (SP) 800-207 (2020), Zero Trust Architecture Principles of Zero Trust

17. Principles of Zero Trust Source: NIST SP 800-207 ZERO TRUST ARCHITECTURE

18. Principles of Zero Trust Types of Trust Algorithms • Criteria- versus score-based • Singular versus contextual”

19. Principles of Zero Trust

21. Getting Started • What are your ‘crown jewels’? • Where are they? • Who looks after them?

22. Getting Started Governance Policy Automation & Orchestration Security Controls Talent & HR

23. Getting Started Users & Devices • MFA • Biometrics • PKI • IoT Apps & Data • Data Classification • DLP • Microservices • APIs • DevSecOps Networks • Microsegmentation • Cloud • SD-WAN • SASE

25. Conclusion • The perimeter no longer exists • Identity and credentials are the new perimeter • Assume breach • Insiders carry the greatest risk – as targets and as threats • Start your Zero-Trust Initiative with Zero-Trust Thinking • Automate & Orchestrate your Security Policy

26. Call to Action Verify, then trust!

27. M E R C I ! T H A N K Y O U ! QUESTIONS ?

28. Resources Microsoft Assessment https://www.microsoft.com/en-ww/security/business/zero-trust/maturity-model-assessment-tool BeyondCorp: Google’s Implementation of Zero Trust https://cloud.google.com/beyondcorp

Zero Trust : How to Get Started

You are reading a preview.

Check these out next

Zero Trust : How to Get Started

More Related Content

Similar to Zero Trust : How to Get Started (20)

More from EyesOpen Association (20)

Recently uploaded (20)