What is Zero Trust?
Zero trust is a strategic approach used by organisations. It covers both employee attitude and the security policies put in place.
The attitude side encourages employees to validate every action they take, such as clicking on links in an email. The security policies may include restricting access to data or applications without certain validation, such as multi-factor authentication.
In essence, zero trust means blocking access to all data, applications, sites etc., unless approved for use. If access is required, it must go through an approval process. Additionally, you must, for example, confirm the legitimacy of an email before clicking on any links or downloading files within it.
Why is Zero Trust Important?
Whilst a zero trust approach may seem over the top, it is a strong barrier against cyber-attacks. Cyber attackers have evolved past the days when a phishing email could be spotted by its spelling mistakes.
If an employee doesn’t need access to finance data, why take that risk? Here’s a scenario:
Jane works in HR. Her colleague Lewis works in Finance. Jane doesn’t use the data and files in the Finance folders, so you block Jane from accessing them.
One day, Jane clicks on a suspicious link, causing malware to spread on her device. However, only the data Jane has access to is compromised (although, we’d hope a secure backup would be in place!).
A zero trust strategy also minimises threats from malicious insiders.
The Benefits of Zero Trust
The scenario mentioned above shows just one of the many benefits of a zero trust strategy. Others include:
- Increased visibility of user activity with your data
- Reduced impact from cyber-attacks
- Protection against internal and external threats
Definitions
There are many definitions of zero trust. One of our favourites is: never trust, always verify.
This is closely followed by ABC:
Assume nothing – it’s no longer enough to just assume your data is secure
Believe no one – don’t trust that an authenticated user has rights to access resources
Check everything – check every authentication, check devices, check data
Watch our MD, John, Chat About Zero Trust
Our Managing Director, John Gostling, has recorded a three-minute video explaining zero trust. Watch below and let us know if you need support with this, or further securing your business.