What steps can companies take to adopt a Zero Trust approach to security?
Zero trust - never trust, always verify.
Zero Trust isn’t as simple as turning on certain pieces of software. Zero Trust is a holistic approach to security that requires reorganizing a company’s strategy around its three core principles:
- Verify every user
- Validate every device
- Intelligently limit access
For the first two, the key is really in SSO and MFA, which can help with rigorous and repeated verification of users and devices. They tie digital identities to trusted users, and continuously ensure that they are who they say they are. For number three, it’s about minimizing exposure, giving people access only to the data and resources they need for their jobs.
There are standalone solutions that offer MFA and SSO services, but Zero Trust is really bolstered by something like Idaptive’s Next-Generation Access approach. You have to be able to seamlessly integrate all of the pillars of Zero Trust for an airtight identity management solution.
The actual first step of adopting Zero Trust is to make sure that your organization is ready to undergo a wholesale philosophical change. While this might sound a bit esoteric, it’s an incredibly important first step.
And at the end of the day, it’s all worth it. Research has shown that Zero Trust results in fewer breaches while reducing technology costs, since various identity management tools are integrated.
This post originally appeared in a Quora Q&A session hosted in May 2019. Our CEO Danny Kibel was asked to give his opinion on the state of cybersecurity, Zero Trust, working in the security field and entrepreneurship, among other things. For more of his answers visit Quora.