Please share your expertise and experience with the community on how to start implementing a Zero Trust model in an enterprise.
What is zero trust?
Assume zero trust when someone or something requests access to work assets. You must first verify their trustworthiness before granting access. Zero Trust is rapidly becoming the security model of choice for many organisations; however, security leaders often struggle with the major shifts in strategy and architecture required to holistically implement Zero Trust.
As Zero Trust security itself is a strategy, so too is its deployment. The best approach to reaching a Zero Trust framework is to start with a single-use case, or a vulnerable user group, for validation of the model.
Main Pillars of Zero Trust and where to start
1. Inventory of Devices ( HW and SW Asset )
2. Identities ( Visibility and Management of Users ) – including internal and external workforce, services, customer access and IOT components
3. Privilege Account and Access Management, Least Privileges for std users
4. NAC, Visibility of Devices connected to your network- and enforcing device health and compliance
5. Apps and APIs – ensuring they have appropriate permissions and secure configurations
6. Endpoint Management Solution
7. Data – giving it the necessary attributes and encryption to safeguard it.
8. Networks – establishing controls to segment, monitor, analyse and encrypt end-to-end traffic
@ABHILASH TH, thank you for this detailed answer.
Hello @JacquesBodenstein , @Mike Hancock. Perhaps, you can help? Thanks
Can someone explain the difference between PAM and PAS?
Kindly advise on the top 5 solutions within the industry to look at.