Zero-trust-washing: Why zero trust architecture is the framework to follow

2022-05-31 04:30

It is perhaps better to consider the term zero trust architecture - a framework that requires an organization to take steps depending on the priorities of the business and their current security infrastructure.

Whilst it's important for organizations to start making the move to zero trust architecture, it is not as simple as adopting a single vendor's capabilities as a comprehensive solution.

We recently saw President Biden issue an Executive Order to improve the country's cybersecurity, which includes the adoption of ZTA. There are lots of references to ZTA within the Order, including this one: "The Federal Government must adopt security best practices; advance toward zero trust architecture; accelerate movement to secure cloud services, including Software as a Service, Infrastructure as a Service, and Platform as a Service; centralize and streamline access to cybersecurity data to drive analytics for identifying and managing cybersecurity risks; and invest in both technology and personnel to match these modernization goals".

As with any other new technology or approaches we await any "Official" ZTA certification or practical standards.

NIST has not yet created any standards or certification for zero trust - their Special Publication discusses goals for ZTA. Perhaps the absence of relevant certification or standards is partially to blame for a lack of cohesion when it comes to marketing and selling ZTA? With these in place, vendors would at least have solid guidance and organizations looking to invest in ZTA, better definition and clarity.

Asking your vendor some straightforward questions will usually help to reveal their understanding of ZTA. For example, ask them how their proposed solution fits within your ZTA - if they can't visualize this then they probably still believe that ZTA is something you buy off the shelf.

News URL

https://www.helpnetsecurity.com/2022/05/31/zero-trust-architecture/

#framework #zerotrust