Forrester Principal Analyst Chase Cunningham explains Zero Trust: the concept behind the framework and how companies should implement it to protect their business.
Chase Cunningham, Principal Analyst
Traditional perimeter-based security is a moat-and-castle strategy: Build high walls around the network to keep the bad guys out, and trust that no one inside is going to harm you. (If this is your approach, you might want to watch a few episodes of Game of Thrones.)
With the number of breaches in the news, and even more happening that aren’t in the public eye, it’s clear that this approach is doomed to fail. Enter Zero Trust. Instead of treating everything inside the network as inherently trusted, Zero Trust does the opposite. The network is segmented into small parts that only select people have access to, and if one part is breached, the rest of the network is still secure.
In the Navy, this is known as watertight integrity — kind of like the unsinkable Titanic but without the iceberg. However, the only way you’ll avoid sinking is if you go all in. Zero Trust isn’t a one-time project — it’s a long-term, strategic goal that should be applied in all areas of the enterprise.
You might say that the arguments against Zero Trust outweigh the benefits: Tight controls inhibit the exchange of data; employees recoil at the thought of Big Brother watching them; and it sounds expensive.
In this podcast episode, Chase Cunningham discusses why this is not the case and how companies can implement Zero Trust one piece at a time to both protect their data and keep the boardroom happy.