Top 5 things about zero-trust security that you need to know

on April 27, 2022, 11:06 AM PDT

Top 5 things about zero-trust security that you need to know

If malicious actors are already on your network, then typical cybersecurity measures aren’t enough. Learn how to further protect your organization’s data with these five facts about zero-trust security from Tom Merritt.

zero trust top 5 — Image: hamara/Adobe Stock

Zero-trust security refers to the idea that you shouldn’t assume someone is trustworthy just because they’re inside your network. That’s why zero-trust is sometimes called perimeterless security: You continually authenticate and verify based on the situation.

SEE: Password breach: Why pop culture and passwords don’t mix (free PDF) (TechRepublic)

Here are five things to know about zero-trust security.

Zero-trust security has been around for a while. The term was coined by Stephen Paul Marsh in 1994, and it was later popularized by security analyst John Kindervag. Google was one of the first tech companies to try a form of zero-trust security in 2009.
Zero-trust security requires your work culture to adapt. It used to be that everybody logged in, and then they could access whatever they wanted with a few broad level-based permissions. Zero-trust security restricts you by task — not type of access. It doesn’t have to be harder, but it will be different, causing more than a few employees to wonder why they have to keep proving who they are. Leadership should explain the benefits of zero-trust security and get peers on board.
You’ll want to learn the “five Ws” of zero-trust security: What must be protected; from where are the access requests originating; who is doing the requesting; why are they requesting it; and when do they need the access.
No, VPNs aren’t going to help. When some people think perimeterless, they think that means logging in remotely. That’s not quite it. A VPN is just another perimeter. If you’re inside the VPN and the bad folks are too, then the VPN won’t help you.
You need to keep monitoring. No system is perfect, and malicious behavior will happen just like in old-fashioned perimetered security. Make sure you’re watching for security flaws. When you find security flaws, analyze the root cause and share your findings.

I have zero trust that you’ll immediately implement zero-trust security, but that’s the way it should be.

Subscribe to TechRepublic Top 5 on YouTube for all the latest tech advice for business pros from Tom Merritt.

Also See

By Tom Merritt

Tom is an award-winning independent tech podcaster and host of regular tech news and information shows. Tom hosts Sword and Laser, a science fiction and fantasy podcast, and book club with Veronica Belmont. He also hosts Daily Tech News Show, covering the most important tech issues of the day with the smartest minds in technology.