M05 - Part 1- Case Project 9-6 - Zero Trust

School: Ivy Tech Community College, Indianapolis
Course: 132
Subject: Information Systems
Date: Dec 6, 2023
Uploaded by bobbymaf2020

Zero Trust is a security concept centered on the belief that organizations should not automatically trust anything inside or outside their perimeters and instead must verify anything and everything trying to connect to their systems before granting access. The Zero Trust model of information security basically kicks to the curb the old castle-and-moat mentality, which had organizations focused on defending their perimeters while assuming everything already inside did not pose a threat and therefore was cleared for access.

Security and technology experts say the castle-and-moat approach is not working. They point to the fact that some of the most egregious data breaches happened because hackers, once they gained access inside corporate firewalls, were able to move through internal systems without much resistance.

The Zero Trust approach relies on various existing technologies and governance processes to accomplish its mission of securing the enterprise IT environment. It calls for enterprises to leverage micro-segmentation and granular perimeter enforcement based on users, their locations, and other data to determine whether to trust a user, machine or application seeking access to a particular part of the enterprise.

Advantages of using the Zero Trust Model

Building a Zero Trust network is a considerable task, but sometimes it is worth it to put the extra effort in. Let's look at some pros and cons to help you decide whether a Zero Trust model is right for you. Here are some strengths of the Zero Trust model:

Less vulnerability. Once in place, the Zero Trust model better secures the company, especially from in-network lateral threats that could manifest under a different security model.

Strong policies for user identification and access. Zero Trust requires strong management of users inside the network, so their accounts are more secure, making the entire network more secure. Using multi-factor authentication or even moving beyond passwords with biometrics is a good way to keep accounts well-guarded. Then, with the categorization of users, they can only be granted access to data and accounts as necessary for their job tasks.

Smart segmentation of data. In a Zero Trust model, you would not have one big pool of data that all users could access. Segmenting data according to type, sensitivity and use provides a more secure setup. This way, critical or sensitive data is protected and potential attack surfaces are reduced.

Increased data protection. Zero Trust also keeps data well-guarded in both storage and transit. This means things like automated backups and encrypted or hashed message transmission.

Good security orchestration. This is the task of making sure all your security elements work together efficiently and effectively. In an ideal Zero Trust model, no holes are left uncovered, and the combined elements complement one another rather than presenting incongruities between them.

Challenges of using the Zero Trust Model

With all these additional security strengths, the Zero Trust model does make a security policy more complicated. Here are some of the additional challenges that come with such a comprehensive strategy:

Time and effort to set up. Reorganizing policies within an existing network can be difficult because it still needs to function during the transition. Often, it is easier to build a new network from scratch and then switch over. If legacy systems are incompatible with the Zero Trust framework, starting from scratch will be necessary.

Increased management of varied users. Employee users need to be monitored more closely, with access only granted as necessary. And users can go beyond employees. Customers, clients, and third-party vendors may also use the company's website or access data. This means there is a wide variety of access points, and a Zero Trust framework requires specific policies for each type of group.

More devices to manage. Today's work environment includes not only different kinds of users, but several types of devices for each of them. Different devices may have their own properties and communication protocols, which must be monitored and secured specific to their type.

More complicated application management. Likewise, applications are varied. Apps are often cloud-based with use across multiple platforms. They may be shared with third parties. In line with a Zero Trust mentality, app use should be planned, monitored, and tailored specifically to user need.

So, these days there is more than one location where data is stored, which means there are more sites to protect. Data configuration needs to be done responsibly with the highest security standards.

https://truefort.com/pros-and-cons-of-zero-trust-security/
https://www.crowdstrike.com/cybersecurity-101/zero-trust-security/
https://www.strongdm.com/zero-trust
https://www.zscaler.com/resources/security-terms-glossary/what-is-zero-trust
https://konghq.com/blog/enterprise/what-is-zero-trust-security
https://www.bitlyft.com/resources/a-complete-guide-to-zero-trust-security
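
The per-request decision described above (trust determined from the user, their location and other data, with data segmented by sensitivity and access limited to job role) can be sketched as a default-deny policy check. This is an added example, not part of the original document; the segment names, roles, countries and sample requests are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed policy table: one entry per data segment (names are illustrative).
# "locations": None means any country is acceptable for that segment.
SEGMENTS = {
    "public-site":   {"roles": {"employee", "customer", "vendor"},
                      "mfa": False, "managed_device": False, "locations": None},
    "vendor-portal": {"roles": {"vendor", "procurement"},
                      "mfa": True, "managed_device": False, "locations": None},
    "hr-records":    {"roles": {"hr"},
                      "mfa": True, "managed_device": True, "locations": {"US"}},
}

@dataclass(frozen=True)
class Request:
    user: str
    role: str
    mfa_passed: bool
    managed_device: bool
    country: str
    segment: str
    on_internal_network: bool = False  # recorded, but never a reason to trust

def decide(req: Request) -> tuple[bool, str]:
    """Evaluate one request. Default deny: every check must pass."""
    policy = SEGMENTS.get(req.segment)
    if policy is None:
        return False, "unknown segment"
    if req.role not in policy["roles"]:
        return False, "role not entitled to segment"
    if policy["mfa"] and not req.mfa_passed:
        return False, "MFA required"
    if policy["managed_device"] and not req.managed_device:
        return False, "unmanaged device"
    if policy["locations"] is not None and req.country not in policy["locations"]:
        return False, "location not permitted"
    return True, "all checks passed"

# Constructed sample requests covering each user group the essay mentions.
SAMPLES = [
    Request("alice", "hr", True, True, "US", "hr-records"),
    Request("bob", "employee", True, True, "US", "hr-records", on_internal_network=True),
    Request("alice", "hr", True, False, "US", "hr-records"),
    Request("carol", "vendor", False, False, "DE", "vendor-portal"),
    Request("dave", "customer", False, False, "BR", "public-site"),
]

if __name__ == "__main__":
    for r in SAMPLES:
        print(r.user, r.segment, decide(r))
```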