cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Caute_cautim
Community Champion

What does industry think about Zero Trust?

Hi All

 

So what does industry really think about Zero Trust? 

 

What do you think?

 

https://www.cyberbitsetc.org/post/what-does-business-community-think-about-zero-trust-5-simple-facts

 

Regards

 

Caute_Cautim

6 Replies
Until_then
Contributor I

Nothing wrong with Zero Trust as long as you can execute whatever your business function is. With Zero Trust, it's just another layer of added security for identity/authentication management. With the amount of attacks going on, anything to reduce the attack surface is great as long as it doesn't interfere with your mission.
Until_then
Contributor I

NIST SP 800-207 provides for a good read on Zero Trust Architecture (ZTA): https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-207.pdf
Caute_cautim
Community Champion

@Until_thenI would also suggest the DoD Zero Trust reference architecture too.

 

https://www.nextgov.com/cybersecurity/2021/05/disa-releases-initial-zero-trust-reference-architectur...

 

A great reference to get you going.

 

Regards

 

Caute_Cautim

csjohnng
Community Champion

Actually I am going to write a paper regarding ZTA for my final project for one of my courses   

 

@Until_then 

NIST SP 800-207 does provide good reference and concept and it's a recently good reference for ZTA which is a planned key reference for my paper  

 

@Caute_cautim 

Good to know the DoD released the initial version of ZTA, just glance the TOC, definitely good input and reference for my term paper.

 

Thanks 

John
Caute_cautim
Community Champion

@csjohnng 

 

There is a great deal of mystique surrounding Zero Trust Architecture, it is definitely a well worth journey to undertake, however, technology vendors seem to think they can ram everything into a solution, and it will work.

 

This is not the case, it needs support from the top of the organisation, there is some very cool technology around, but they turn out to be a platform, some of which have been built from the ground up, and others which are based on legacy ideas, and approaches. 

 

It really needs the C-Suite to think laterally rather than in a linear fashion.  Today, is definitely the world of hypothesis, now go and test it, and if it fails it was wrong or the expectations were incorrect. The world of fail fast, and success quickly is upon us.  Time is money, after all.  

 

The best way to get into it is to prioritise the business problems, and take use case, and apply it, and monitor the benefits for the best impact and success.  For instance getting rid of VPN's and remote access is a use case to pursue, given the attacks on such systems these days.   The traditional networks are on the way out, Softward Defined Networks are definitely on the rise.

 

Regards

 

Caute_cautim

csjohnng
Community Champion

@Caute_cautim 

Yes definitely mystique and worth taking.

I have finished my piece of work 2 weeks ago and got grade as well.

 

I did not realise the term Zero trust is coined 10 year ago.

it's important for the C-Suite to think carefully and we really should ask ourself and continue challenge ourself.

What is "norm" today will no longer norm tomorrow. The only way to test is think bold, valid the hypothesis carefully.

John