Zero Trust security trusts nothing by default unless it can prove explicit identification of who it is each time it connects.
Why Zero Trust?
With many IT assets now outside traditional perimeters, IT security is at a crossroads. To address this new reality, organizations are turning to implementing Zero Trust. Zero Trust is a security concept where nothing is trusted and assumes a breach is inevitable or has likely already occurred.
The Zero Trust approach is a response to trends including hybrid working, Bring Your Own Device (BYOD), and cloud-based assets that are not located within an enterprise-owned network boundary. Zero Trust focuses on protecting resources, not network segments, as the network location is no longer seen as the prime component to the security posture of the resource.
Zero Trust - the guiding principles
Following NSA's (National Security Agency) Guiding Principles, Zero Trust solutions require operational capabilities that:
Never trust, always verify
Treat every user, device, application/workload, and data flow as untrusted. Authenticate and explicitly authorize each to the least privilege required using dynamic security policies.
Assume breach
Consciously operate and defend resources with the assumption that an adversary already has presence within the environment. Deny by default and heavily scrutinize all users, devices, data flows, and requests for access. Log, inspect, and continuously monitor all configuration changes, resource accesses, and network traffic for suspicious activity.
Verify explicitly
Access to all resources should be conducted in a consistent and secure manner using multiple attributes (dynamic and static) to derive confidence levels for contextual access decisions to resources.
Zero Trust Standard
NIST 800-207 is the most vendor neutral, comprehensive standard for Zero Trust. NIST 800-207 describes Zero Trust as a collection of concepts and ideas designed to minimize uncertainty in enforcing accurate, least privilege per-request access decisions in information systems and services in the face of a network viewed as compromised. Zero Trust Architecture (ZTA) is an enterprise’s cybersecurity plan that utilizes zero trust concepts and encompasses component relationships, workflow planning, and access policies.
The goal of Zero Trust is to prevent unauthorized access to data and services coupled with making the access control enforcement as granular as possible. According to NIST, only authorized and approved subjects (combination of user, application (or service), and device) can access the data to the exclusion of all other subjects (i.e., attackers). They even take it one step further by substituting the word “resource” to “data”, so that Zero Trust and Zero Trust Architecture are about accessing resources and not just data.
Implementing Zero Trust - which focusses on users, assets and resources -usually require a complex, hard-to-deploy, rip-and-replace approach. It can take years to implement — critical time lost, accompanied by escalating costs, all while new threats continue to evolve and attack.
With this in mind, Soliton focused (many years ago) on Data Centric Security which became the cornerstone of our Zero Trust solutions.
We understand the vulnerabilities of conventional solutions. To explain this: VPN is a vulnerability for remote access, therefore we eliminated VPN from our solutions.
Our solutions protect a mix of personal and company data on any device from cross contamination. Soliton is unique in that it provides IT security on unmanaged devices, thus enabling BYOD.
There is no need to install an entire new layer of infrastructure just to secure access to your resources. Our solutions are vendor agnostic and don't require to re-architect the entire company network and applications.
All solutions are equipped with strong authentication. Digital certificates are standard in all our solutions.
The basic set of features include least-privileged access and granular risk-based access controls and policies.
Taking out complexity, and easy management enables smooth adoption of applied security measures.
Data Centric Security - accelerating your speed to Zero Trust
.jpg?width=5719&height=3813&name=joseph-frank-XGC_1eH_ZGI-unsplash%20(1).jpg)
