Demystifying 'zero trust' and its role in cybersecurity
The principle of ‘zero trust’ in cybersecurity is simple: Trust nothing, and verify everything.
What this means is that organisations should protect all of their resources, no matter where they reside, and ensure that every network connection is, by default, untrusted.
This principle is especially important now that the traditional network perimeter for most organisations has dramatically changed. The corporate network has expanded to include cloud platforms, applications and data while an increasing number of employees are working remotely. Every person connecting to important applications and data must be scrutinised and treated with caution.
Of course, trust must be established for these connections to work as intended, but the key to zero trust is that those connections are constantly re-evaluated to protect them from internal and external threats.
Zero trust runs on the assumption that attackers are acting on these threats and trying to attack an organisation all the time. Every connection, user, and device must be authenticated before access is granted.
And of course, zero trust should be dynamic, acting in real time and drawing on as many data sources as possible to make the best decisions. According to cybersecurity firm Sophos, static security policies don’t offer protection if a device has been compromised while the user is still on it.
How does zero trust work? The four core elements
Sophos’ Demystifying Zero Trust white paper breaks down the four core elements of zero trust.
Always identify: Choose a single identity source that can be used with Single Sign On (SSO) and multi-factor authentication for the strongest identity verification possible.
Always control: Deploy controls and checks where they are needed most, and mandate the principle of least privilege, i.e. only provide users the access they need to do their jobs.
Always analyse: Investigate authentications to make sure they can be trusted, because sometimes attackers can use valid credentials to access systems. Authentication should be monitored with a combination of security tools such as security information and event management (SIEM) and endpoint detection and response (EDR).
Always secure: Think of cybersecurity from the ‘inside out’. That is, find important data within the organisation and work outwards, scanning for vulnerabilities along the way.
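To make the "constantly re-evaluated" and "least privilege" points concrete, here is an added example (not from the Sophos white paper) of a per-request access decision: identity, MFA, device posture and role are checked on every call rather than once at login. The role table, field names and thresholds are constructed assumptions.

```python
"""Added example (not from the Sophos paper): a per-request zero-trust
access decision that re-evaluates identity, device posture and least
privilege on every call instead of once at login."""
from dataclasses import dataclass

# Least-privilege role table (constructed sample data).
ROLE_ACCESS = {
    "finance": {"ledger", "payroll"},
    "engineer": {"git", "ci"},
}

@dataclass
class Request:
    user: str
    role: str
    resource: str
    sso_verified: bool        # identity asserted by the single identity source
    mfa_passed: bool          # second factor checked for this session
    device_compromised: bool  # current EDR verdict for the connecting device
    failed_logins: int        # recent failed attempts seen by the SIEM

def decide(req: Request) -> tuple[bool, str]:
    """Return (allowed, reason). Every check runs on every request, so a
    device that becomes compromised mid-session is denied on its next call."""
    if not req.sso_verified:
        return False, "identity not asserted by SSO"
    if not req.mfa_passed:
        return False, "MFA not satisfied"
    if req.device_compromised:
        return False, "device flagged by EDR"
    if req.failed_logins >= 5:  # assumed threshold for credential abuse
        return False, "credential abuse suspected (SIEM)"
    if req.resource not in ROLE_ACCESS.get(req.role, set()):
        return False, f"role {req.role!r} has no need for {req.resource!r}"
    return True, "allowed"

def simulate_session(events: list[Request]) -> list[bool]:
    """Evaluate a sequence of requests from one session; unlike a static
    policy, an earlier 'allow' grants nothing to later requests."""
    return [decide(r)[0] for r in events]
```

The third request in a session is allowed again once the EDR verdict clears, showing that each decision stands on current signals only.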
How Sophos can help
Sophos built its cloud-native cybersecurity platform Sophos Central with a focus on helping organisations to adopt and manage a zero-trust environment.
The platform integrates a range of Sophos technologies that enable a zero-trust network, such as Sophos Cloud Optix and XG Firewall, which play an important role in securing public cloud, data, devices, networks, and workloads.