Zero Trust with shield and fingerprint graphic
Zero Trust with shield and fingerprint graphic

What is Zero Trust?

Zero trust is a strategic approach used by organisations. It includes both employee attitude and security policies put in place.

The attitude side encourages employees to validate every action they take, such as clicking on links in an email. The security policies may include restricting access to data or applications without certain validation, such as multi-factor authentication.

In essence, zero trust is blocking access to all data, applications, sites etc., unless approved for use. If accessed is required, it must go through an approval process. Additionally, you must for example, confirm the legitimacy of an email before clicking on any links or downloading files within.

Why is Zero Trust Important?

Whilst a zero trust approach may seem over the top, it is strong barrier against cyber-attacks. Cyber attackers are evolving past the days of spotting spelling mistakes in phishing emails.

If an employee doesn’t need access to finance data, why take that risk? Here’s a scenario:

Jane works in HR. Her colleague Lewis works in Finance. Jane doesn’t use the data and files in the Finance folders, so you block Jane from accessing it.

One day, Jane clicks on a suspicious link, causing malware to spread on her device. However, only the data Jane has access to is compromised (although, we’d hope a secure backup would be in place!).

A zero-threat strategy also minimises threats from malicious insiders.

The Benefits of Zero Trust

The scenario mentioned above is just one of the many benefits to a zero trust strategy. Others include:

  • Increased visibility on user activity with your data
  • Reduce the impact from cyber-attacks
  • Protects against internal and external threats

Definitions

There are many definitions of zero trust. One of our favourites is: never trust, always verify.

This is closely followed by ABC:

Assume nothing – it’s no longer enough to just assume your data is secure

Believe no one – don’t trust that an authenticated user has rights to access resources

Check everything – check every authentication, check devices, check data

Watch our MD, John, Chat About Zero Trust

Our Managing Director, John Gostling, has recorded a three-minute video explaining zero trust. Watch below and let us know if you need support with this, or further securing your business.

Latest Guides

Microsoft 365 Monthly Feature Update. Microsoft Logo.
Microsoft 365 Monthly Feature Update
Check out our top three Microsoft 365 feature releases each month.
Microsoft End of Life Updates with Microsoft Logo
Microsoft: End of Life Updates
Updates on Microsoft products and services that will no longer be supported.
How to Add Pronouns in Microsoft 365
Learn how to enable and add pronouns to your Microsoft 365 profile card.