The ABC of Zero Trust
“Zero trust” is a relatively new concept in security. Traditionally, all traffic inside the network or premises was given a higher trust rating than traffic from outside it. With the advent of hybrid and remote workplaces and BYOD (bring-your-own-device) on the network, this assumption no longer holds true.
To easily remember the new tenets of security, there’s a simple ‘ABC’ mnemonic:
A: Assume nothing
B: Believe no one
C: Check everything
The idea is that threats can now come from anywhere. Certain security philosophies also advocate assuming that, because the threat is ever-present, the network may already be compromised. Therefore:
- microsegment networks
- authenticate every user
- assign roles on the basis of least privilege
- review every policy, especially the default policies (and think about how you could exploit them if you were wearing the attacker's hat)
- log and audit everything
- leverage services already built with Zero Trust in mind.
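The difference between the traditional perimeter model and the ABC approach can be seen by running the same requests through both. This is an added example, not code from the original article; the address range, role names, segment name and requests are constructed assumptions, and `user` stands for an identity that has already been verified upstream.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed sample values (assumptions, not from the article).
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
ROLE_GRANTS = {  # least privilege: each role lists only what it needs
    "hr-analyst": {("hr-db", "read")},
    "hr-admin": {("hr-db", "read"), ("hr-db", "write")},
}
AUDIT_LOG = []  # every decision is recorded, allowed or denied

@dataclass(frozen=True)
class Request:
    source_ip: str
    user: Optional[str]  # verified identity; None if authentication is missing
    role: Optional[str]
    segment: str         # microsegment being accessed
    action: str

def perimeter_decision(req):
    """Traditional model: anything coming from inside the network is trusted."""
    return ipaddress.ip_address(req.source_ip) in INTERNAL_NET

def zero_trust_decision(req):
    """Default deny. The source address is logged but never used to grant trust."""
    if req.user is None:
        allowed, reason = False, "unauthenticated"
    elif (req.segment, req.action) not in ROLE_GRANTS.get(req.role, set()):
        allowed, reason = False, "not granted to role"
    else:
        allowed, reason = True, "authenticated and granted"
    AUDIT_LOG.append((req.user, req.source_ip, req.segment, req.action, allowed, reason))
    return allowed

SAMPLE_REQUESTS = [  # constructed
    Request("10.1.2.3", None, None, "hr-db", "read"),               # inside, no identity
    Request("10.1.2.4", "alice", "hr-analyst", "hr-db", "write"),   # inside, over-reach
    Request("203.0.113.7", "alice", "hr-analyst", "hr-db", "read"), # remote, legitimate
]

def compare(requests):
    """Return (perimeter, zero_trust) decisions for each request."""
    return [(perimeter_decision(r), zero_trust_decision(r)) for r in requests]

if __name__ == "__main__":
    for req, result in zip(SAMPLE_REQUESTS, compare(SAMPLE_REQUESTS)):
        print(req.source_ip, req.user, req.action, result)
```

The perimeter model admits both internal requests, including the unauthenticated one, and rejects the legitimate remote user; the zero-trust check reverses all three outcomes and leaves an audit record for each.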