In the last two years, you would have heard the term Zero Trust being mentioned quite frequently, perhaps due to its role in our everchanging work world and also digital transformation - but what exactly is Zero Trust you may ask?
Well according to Enablis partner Crowdstrike, Zero Trust refers to the security framework in which all users irrespective of whether or not they are part of an organisations network, are subject to continuous authentication, authorisation, and validation prior to data and application access.
This framework is crucial in addressing many modern cyber challenges and threats by securing remote workers and safeguarding the hybrid cloud environment.
CrowdStrike have found that more than 80% of all attacks involve credentials use or misuse in the network. So with constant new attacks against credentials and identity stores, additional protections for credentials and data extend to email security and secure web gateway (CASB) providers.
And a Zero Trust framework ensures greater password security, integrity of accounts, adherence to organisational rules and avoidance of high-risk shadow IT services.
So How does a Zero Trust Framework work?
A Zero Trust framework plays a part in an organisation’s authentication, authorisation, and validation process.
The framework does this by combining ‘multi-factor authentication, identity protection, next-generation endpoint security, and robust cloud workload technology’ to verify a user’s identity. The benefit is that the Zero Trust framework strays from traditional security approaches, as it does not automatically trust users.
According to Crowdstrike, below are some of the identity attributes that a Zero Trust framework relies on:
-
- Geo location
- Credential privileges
- Firmware versions
- Installed applications
- Behaviour patterns
This graphic describes the Benefits of implementing a Zero Trust Framework according to CrowdStrike