According to the National Institute of Standards and Technology (NIST), Zero trust is the term for an evolving set of cybersecurity paradigms that move defenses from the static, network-based perimeters to focus on users, assets, and resources. Zero trust assumes there is no implicit trust granted to assets or user accounts based solely on their physical or network location (i.e., local area networks versus the internet) or based on asset ownership (enterprise or personally owned). Authentication and authorization (both subject and device) are discrete functions performed before a session to an enterprise resource is established.
One of the most recent Zero Trust Adoption reports from Microsoft reveals that the Zero Trust strategy is their #1 security priority for security decision-makers, with 96% stating that it’s critical to their organization’s success. Not only does it improve the overall security posture of the organization but also the end-user experience.
Peter Bjork, Principal Architect – Zero Trust, EUC Office of the CTO, VMware delivered an Expert Session on this subject itself titled Zero Trust and the Importance of Continuous Enforcement and shared his experience on how zero trust has been a trusted resource for businesses across the world.
Bjork believes Zero Trust had been struggling with the same hurdles in the beginning as it was with the cloud. But today we have a proper zero trust architecture defined.
Here are a few key points that he talks about in detail:
- Why the perimeter-based model is broken.
- Zero trust is not a product. It’s an architectural mindset.
- White House named zero trust as a better security architecture. And, it boosted interest quite significantly since then.
- How to take control over the session and implement continuous enforcement capabilities.
- Implementation of strong user validation and a start small and learn by doing mindset
Watch this 30-minute video for more insights.
(This article is an extract basis the expert session by Peter Bjork, Principal Architect – Zero Trust, EUC Office of the CTO, VMware at the recently concluded dynamicCISO summit on 10 and 11 March ‘22)