BEYONDCORP VS ZERO TRUST SOFTWARE

Back in the early- to mid-‘00s, Enterprise Rights Management software (ERM) began to struggle. ERM was developed to solve the issues of controlling enterprise content, such as in a Word document. Once the network perimeter was no more, it became more difficult to control content. One of the issues was in the access control measures offered to manage content access. If you have no perimeter, you need mechanisms other than employee directories to control content access. As a consequence, ERM changed to accommodate functionality that was more cloud-appropriate - expanding its range of identity methods to control content access. The dissolution of the network perimeter caused many changes in the way we approached cybersecurity - access control being only one of them.

We could no longer rely on perimeter-hardening tools like traditional firewalls. We had to expand how we connected and, in doing so, opened the landscape to malicious others. New ways of looking at cybersecurity had to be developed. Zero-trust security was one such model - but what exactly is it?

What is meant by zero trust security?

Back in 2010, analyst John Kindervag of Forrester developed the framework for a zero-trust security architecture. The key feature of this architecture was to use a “data-centric” model - that is, knowing where your data is at any juncture, mapping the flow of the data through a network and beyond. The idea was to change how we trust transactions across a network, with the starting point of all network traffic being untrusted.

In 2018, the original zero trust architecture model was updated by Forrester. This new model is known as The Zero Trust eXtended Ecosystem. In a zero-trust world it is all about verifying access through applied trust. In this new version, people are intrinsically untrusted in the system; thus, the new model is built on the notion of “people-centric perimeters.” In the Zero Trust eXtended Ecosystem, data is the central pivot upon which people, devices, networks and workloads turn. Access to data by any of these must be verified at any point and any time. This extended view to include people and devices makes a lot of sense in a world where we take our technology with us. In doing so, our networks are expanded to breaking point and our workloads reflect this. This way of looking at security applies the concept of defining trust as a way to verify people and devices wherever they may be.

The original version of the model from Forrester set out five basic steps to achieving zero trust security. These steps still hold value in the updated version. The basic premise is to think of data as being “zoned”; the control is then applied within and between those zones.

1. Identify your sensitive data: This is a fundamental step. If you know what your sensitive data is and where it flows, you can best determine the right security. Forrester suggests using their own “simplified data classification model.” This model has three basic classes: Public, Internal and Confidential. This step is where the idea of microperimeters (zones) comes in. They suggest you create “chunks” of data that each represent their own microperimeter - each being connected across the extended network ecosystem.

2. Map the flows of your sensitive data: This step is about looking at the flows of data across your network. The step encourages the optimization of data flows to create micronetworks. This includes transactional flows that may be multi-directional.

3. Architect your zero trust microperimeters: Once you know your data and its flow, create optimal micronetworks around each. This step also looks at using physical or virtual security controls to enforce the microperimeters. Design them so that the best-fitting security is used for that specific use case.

4. Continuously monitor your zero-trust ecosystem with security analytics: Using logs and data analytics, look for malicious activity across the entire microperimeter ecosystem.

5. Embrace security automation and orchestration: Build automation policies with the help of management.
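The data-centric steps above, as an added example that is not code from the article or from Forrester: a default-deny access check in which every request to a data zone is verified for identity, device posture and clearance against the zone's classification, whether or not the request comes from inside that zone, plus an audit-log pass that flags repeated denials for the monitoring step. The zone names, the user and device attributes and the log format are assumptions constructed for the example.

```python
"""Zero-trust access check over classified data zones (added example)."""
from dataclasses import dataclass

# The three classes of Forrester's simplified data classification model.
CLASS_RANK = {"Public": 0, "Internal": 1, "Confidential": 2}

# Constructed microperimeters (zone name -> classification of the data it holds).
ZONES = {"public-web": "Public", "corp-apps": "Internal", "finance-db": "Confidential"}

@dataclass(frozen=True)
class Request:
    user: str
    clearance: str            # highest class this identity may read (assumed attribute)
    device_compliant: bool    # device posture check result (assumed attribute)
    mfa_verified: bool        # identity verified for this request, at this time
    source_zone: str          # where the request originates
    target_zone: str          # microperimeter holding the requested data

def decide(req: Request, audit: list[str]) -> bool:
    """Default-deny: location grants nothing, every check runs on every request."""
    target_class = ZONES.get(req.target_zone)
    reasons = []
    if target_class is None:
        reasons.append("unknown target zone")
    else:
        if not req.mfa_verified:
            reasons.append("identity not verified for this request")
        if not req.device_compliant:
            reasons.append("device posture non-compliant")
        if CLASS_RANK.get(req.clearance, -1) < CLASS_RANK[target_class]:
            reasons.append(f"clearance {req.clearance} below {target_class}")
    allowed = not reasons
    # Every decision, within or between zones, is logged for the analytics step.
    audit.append(f"user={req.user} src={req.source_zone} dst={req.target_zone} "
                 f"decision={'ALLOW' if allowed else 'DENY'} reasons={reasons}")
    return allowed

def repeated_denials(audit: list[str], threshold: int = 2) -> dict[str, int]:
    """Monitoring pass over the audit log: identities denied at least `threshold` times."""
    counts: dict[str, int] = {}
    for line in audit:
        fields = dict(f.split("=", 1) for f in line.split(" ", 4)[:4])
        if fields["decision"] == "DENY":
            counts[fields["user"]] = counts.get(fields["user"], 0) + 1
    return {u: n for u, n in counts.items() if n >= threshold}
```

A request from inside the Confidential zone without a verified identity is still denied, which is the point of applying control within a zone and not only at its edge.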