The zero-trust approach to security is the best way right now to protect mission-critical data and systems. Forrester Research analyst John Kindervag developed the model almost a decade ago. Zero trust rejects the notion of differentiating between insiders and outsiders when it comes to security. No one attempting to access company systems or data is to be automatically trusted. In a sense, zero trust recreates the "ring" of security that vanished when the enterprise perimeter went poof a few years back. The difference is that now everyone is outside that ring unless explicitly permitted in.
Implementing zero trust requires creating detailed policies and devising certain "hoops" through which those wanting access to critical infrastructure must jump. Not an easy task.
This guide offers a comprehensive explanation of what zero trust means. (Hint: It's more than a policy of trusting nothing and no one.) It delves into the concrete benefits of a zero-trust security policy and then looks at the practical steps to take to reap them.
Putting a zero-trust approach to IT security into practice is challenging but worth it. Let this guide help you move from strategy and planning all the way to acquisition and implementation.