In years past, cybersecurity professionals approached their work with a strong focus on the network perimeter. Everything inside the network was presumed to be trusted, while everything outside the corporate firewall was a potential threat. This approach has not withstood the test of time, and organizations now find themselves operating in a threat landscape where it is quite likely that an attacker already has a foothold on their network through a compromised system, a vulnerable wireless connection, stolen credentials or other means.
The customers I work with every day understand the realities of the new threat landscape and are looking for security solutions that help combat this rising threat. I believe that the strongest approach to security in this new environment is adopting a zero trust philosophy. Under this model, we make no assumptions about trust — other than the assumption that no user or device is trusted until they have proved both their identity and their authorization. With this new mindset in place, we then explore five adaptations of the customer’s security controls to better support a zero trust approach.