Skip to main content

Posts

Showing posts from August, 2018

12 Steps to Zero Trust Success

A Google search for “zero trust” returns ~ 195Million results.  Pretty sure some are not necessarily related to access management and cyber security, but a few probably are.  Zero Trust was a term coined by analyst group Forrester back in 2010 and has gained popularity since Google started using the concept with their employee management project called BeyondCorp.


It was originally focused on network segmentation but has now come to include other aspects of user focused security management.

Below is a hybrid set of concepts that tries to cover all the current approaches.  Please comment below so we can iterate and add more to this over time.


Assign unique, non-reusable identifiers to all subjects [1], objects [2] and network devices [3]Authenticate every subjectAuthenticate every deviceInspect, verify and validate every object access requestLog every object access requestAuthentication should contain 2 of something you have, something you are, something you knowSuccessful authenticatio…