by Diana Proud-Madruga
This blog is based on the 2010 Forrester report of the same name.
The old, perimeter-based approach to network security, “hard on the outside and chewy in the center,” isn’t working. It fails on several fronts:
Zero Trust, introduced by Forrester Research, Inc. in 2010, has a simple view of trust: it doesn’t exist. All network traffic is untrusted. Therefore, security and risk professionals must
Zero Trust easily integrates into the changing landscape of digital business where users are widely distributed and access to networks can come from both human users and devices. Remote employees and users, the Internet of Things and cloud services have blurred the perimeter. Zero Trust, as a data- and identity-centric model, embraces deperimeterization, scalability and flexibility, allowing for phased implementations, even on legacy systems, as well as the ability to meet future needs.
Zero Trust is a new way of thinking about information security. Adopting the concepts of Zero Trust can make an organization more secure, ease compliance burdens and reduce costs while helping the business build trusted relationships with customers and pursue new business and technology opportunities in a more secure manner. The first two steps in accomplishing this are: (1) changing how you and the entire organization think about trust, and (2) integrating Zero Trust into future planning.
Diana Proud-Madruga, CISSP, is a Senior Security Analyst with Electrosoft.