In most modern enterprise environments, corporate networks consist of multiple interconnected segments, cloud-based services and infrastructure, connections to remote and mobile environments, and, increasingly, connections to non-conventional IT such as IoT devices. The traditional approach of trusting devices within a perceived corporate perimeter, or devices connected to it via VPN, makes less sense in such highly diverse and distributed environments. The zero trust approach advocates mutual authentication, including checking the identity and integrity of devices irrespective of location, and providing access to applications and services based on confidence in device identity and device health, in combination with user authentication. The main concept behind zero trust is that devices should not be trusted by default, even if they are connected to a managed corporate network such as the corporate LAN and even if they were previously verified.
- What is Zero Trust?
- How can it benefit organisations?
- What are some best practice implementations?
- What are the key points and gotchas?