My thoughts on Zero Trust

February 17, 2024

Zied's thoughts on Zero Trust

Do you worry that cyberattacks will get smarter? It's time to stop trusting everything and try a new way of keeping enterprise assets safe.

I am suspicious of the terms related to new technologies and trends in security models. However, Zero Trust in cybersecurity is an exception that I find interesting. As a cybersecurity expert, you should know what the term means regarding new security models and architectures, upcoming challenges, and possible answers.

Overall, it's clear that agreeing on a single meaning of "Zero Trust" and knowing how it affects corporate security architectures and models will be very hard. Each organisation needs to understand what "Zero Trust" means in its own context. This article will provide practical insights to help organisations define the Zero Trust security model and build an appropriate implementation strategy.

What Is Zero Trust?

It has been said that the idea of "Zero Trust" doesn't have a single meaning that works for all small businesses. According to my enterprise clients, the best way to define Zero Trust for the whole organisation is to build a unique set of Zero Trust principles. These principles are based on the core tenets of Zero Trust and are meant to be understood and followed by everyone in the company, regardless of their level.

The following are the core tenets of Zero Trust that should be thought about:

Assume Breach

Operate and protect the organisation as if an enemy has already broken in, which is the basis of the Zero Trust concept.

Never trust; always verify

Assuming a breach has already occurred, you must stop implicitly trusting assets that have successfully entered the traditional security perimeter. Think of every person, device, application, network, or transaction as malicious and as something that must be continually verified.

Verify Explicitly

Each access from a person, device, application, or asset is explicitly verified. Combine static attributes (such as identity attributes or user entitlements) and dynamic attributes (such as risk scores) to enforce adaptive and consistent security controls.
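
The "Verify Explicitly" tenet above, sketched as a per-request policy decision. This is an added example, not part of the original article; the names `AccessRequest` and `decide`, the 0-100 risk scale, and the thresholds are assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Hypothetical thresholds; a real deployment tunes these per resource sensitivity.
STEP_UP_RISK = 40   # at or above this score: require fresh MFA
DENY_RISK = 75      # at or above this score: refuse, whatever the entitlement


@dataclass(frozen=True)
class AccessRequest:
    # Static attributes: change rarely, sourced from the identity store.
    user: str
    entitlements: frozenset
    required_entitlement: str
    # Dynamic attributes: re-evaluated on every single request.
    risk_score: int          # 0 (benign) .. 100 (hostile), from a risk engine
    device_compliant: bool
    mfa_age_minutes: int


def decide(req: AccessRequest, max_mfa_age: int = 60) -> tuple:
    """Return (decision, reason); decision is 'allow', 'step_up' or 'deny'."""
    # Fail closed on a malformed dynamic signal instead of treating it as low risk.
    if not isinstance(req.risk_score, int) or not 0 <= req.risk_score <= 100:
        return ("deny", "invalid risk score")
    # Static check: the identity must hold the entitlement this resource needs.
    if req.required_entitlement not in req.entitlements:
        return ("deny", "missing entitlement")
    # Dynamic checks: a valid entitlement alone is never sufficient.
    if req.risk_score >= DENY_RISK:
        return ("deny", "risk too high")
    if not req.device_compliant:
        return ("deny", "non-compliant device")
    # Adaptive control: elevated risk or a stale MFA triggers re-verification.
    if req.risk_score >= STEP_UP_RISK or req.mfa_age_minutes > max_mfa_age:
        return ("step_up", "re-authenticate with MFA")
    return ("allow", "all checks passed")


if __name__ == "__main__":
    # Constructed sample requests: same user and entitlement, different context.
    ent = frozenset({"finance:read"})
    for risk, compliant, mfa_age in [(10, True, 5), (55, True, 5), (10, False, 5)]:
        req = AccessRequest("alice", ent, "finance:read", risk, compliant, mfa_age)
        print(risk, compliant, mfa_age, "->", decide(req))
```

The same user with the same entitlement gets three different outcomes depending on the dynamic context, which is the point of evaluating every access rather than trusting a session established earlier.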

Why Does Zero Trust Matter Nowadays?

Many companies agree that new technologies like cloud computing, artificial intelligence, network virtualization, and new working methods, especially during the COVID-19 pandemic, have forced businesses to store and process their data outside the usual security perimeter. Because of this change, the threat landscape has dramatically changed, making more advanced and technical threats possible. The old castle-and-moat protection methods must be transformed.

Zero Trust Strategy

The CIO and CISO can sit together at a table and lead their organisations toward the successful implementation of Zero Trust. All IT service units must plan for Zero Trust as part of their strategy. Understanding how Zero Trust can help your company reduce cyber risks means ensuring it meets all market regulations and standards. The CSA has put out a paper that will help you explain why Zero Trust is good for business.

The most effective strategy for achieving Zero Trust benefits begins with identifying strategic business use cases. It's crucial to collaborate closely with business teams to comprehend their requirements, highlight the security constraints associated with existing design patterns (primarily based on the traditional security perimeter), and delineate the scope of the use case through an interactive method.

Mergers & acquisitions (M&A) are one of the most prevalent use cases for many enterprises. The Zero Trust model can effectively mitigate threats associated with these scenarios without negatively affecting the user experience, while ensuring cost control and optimising delivery time. I will discuss this in detail in my upcoming articles.

Zero Trust Framework

Each company should make its own Zero Trust framework that fits its values, culture, methods, organisation, and way of doing things. You can also use and change frameworks from other places, like those made by US government agencies, to make them work for you.

If you want a more in-depth discussion and guidance in creating your Zero Trust strategy, please do not hesitate to contact us. I am glad to be of assistance in clarifying myths and developing a plan that is both logical and attainable. I have made a complete Zero Trust framework using the NIST, CSF, and my study on the subject as guides.


Zied is a Network & Security Architect with over 13 years in networking and security. He started his career in telecommunications and service provider network engineering in 2010. He is passionate about learning new skills and taking on new responsibilities. He is optimistic, hardworking, and ready to take every possible positive opportunity. He is vigilant and has performed well on every task assigned to him. Follow Zied on LinkedIn