The term “Zero Trust” was coined in 2010 by security strategist John Kindervag. While working at Forrester Research, Kindervag envisioned a new approach to security where organizations assume that no one, and no device, is inherently “trustworthy.” According to the Zero Trust philosophy, users must “prove” trustworthiness each time they access the network. Over the past decade, Kindervag has continued to refine the concept, helping organizations avoid common pitfalls, such as assuming that Zero Trust makes a system automatically “trusted,” or that identity and multi-factor authentication (MFA) are enough to make a system secure.
In May 2021, the President of the United States issued an executive order laying out new cybersecurity guidelines for federal agencies—including implementing Zero Trust Architecture. The order was issued in response to “persistent and increasingly sophisticated malicious cyber campaigns that threaten… the American people’s security and privacy.” According to the order, “The Zero Trust Architecture security model assumes that a breach is inevitable or has likely already occurred, so it constantly limits access to only what is needed and looks for anomalous or malicious activity.”
While the cybersecurity problem is serious enough that the U.S. government felt it necessary to mandate Zero Trust throughout its operations, moving to a Zero Trust framework is incredibly challenging. It requires a true transformation that can take years to implement. It’s a paradox: while Zero Trust is a critical piece of security in an increasingly connected world, who can afford to shut down their operations to make their organization compliant all at once? The process is simultaneously critical and overwhelming.
Fear not—we’ve got you covered. In this e-book, we’ll outline four steps you can take to move past paralysis and get your organization on the road to Zero Trust.