Moving toward zero trust: Protecting data as a strategic asset
By Alex Chapin
May 19, 2021
The National Security Agency recently released its Embracing a Zero Trust Security Model, reinforcing several design principles of zero trust. Two of these principles are especially apt in light of the latest supply chain hacks: “Breach is inevitable or has likely already occurred” and a “deny by default security policy.” These tenets should be the minimum acceptable practices for cyber defenders in the Department of Defense and throughout government.
The NSA document also recommends that an organization invest in identifying its critical data, assets, applications and services. It goes on to suggest placing additional focus on architecting from the inside out, ensuring all paths to data, assets, applications and services (DAAS) are secure, determining who needs access, creating control policies and, finally, inspecting and logging all traffic before reacting. These practices require full visibility into all activity across all layers -- from endpoints to the network (which often includes cloud) -- to enable analytics that can detect suspicious activity.
https://defensesystems.com/articles/2021/05/19/comment-zero-trust.aspx
