Ce diaporama a bien été signalé.
Le téléchargement de votre SlideShare est en cours. ×

Zero Trust : How to Get Started

Publicité
Publicité
Publicité
Publicité
Publicité
Publicité
Publicité
Publicité
Publicité
Publicité
Publicité
Publicité
Chargement dans…3
×

Consultez-les par la suite

1 sur 29 Publicité

Plus De Contenu Connexe

Plus par EyesOpen Association (15)

Plus récents (20)

Publicité

Zero Trust : How to Get Started

  1. 1. 1.Overview of Zero Trust 2.Why Does Zero Trust Matter? 3.Principles of Zero Trust 4.Getting Started 5.Conclusion PLAN
  2. 2. Trust: Human interactions are guided by the concept of trust Overview of Zero Trust
  3. 3. Trust but verify.
  4. 4. Overview of Zero Trust • “Zero Trust Model” was coined by Forrester Research analyst and thought-leader John Kindervag in 2010 • “never trust, always verify.” • based on the assumption that risk is an inherent factor both inside and outside the network.
  5. 5. Overview of Zero Trust
  6. 6. 1.Overview of Zero Trust 2.Why Does Zero Trust Matter? 3.Principles of Zero Trust 4.Getting Started 5.Conclusion PLAN
  7. 7. Why Does Zero Trust Matter? • The human concept of boundaries or the perimeter • The evolving nature of risk and threats
  8. 8. Why Does Zero Trust Matter? The human concept of boundaries or the perimeter
  9. 9. Why Does Zero Trust Matter? The human concept of boundaries or the perimeter Change of tactics. Breach from the INSIDE!
  10. 10. Why Does Zero Trust Matter? The evolving nature of risk and threats – LANDSCAPE SHIFT
  11. 11. Why Does Zero Trust Matter? LANDSCAPE SHIFT – Information & Technology
  12. 12. Why Does Zero Trust Matter? Business Challenges: Increased access, attack surface & gaps in visibility
  13. 13. 1.Overview of Zero Trust 2.Why Does Zero Trust Matter? 3.Principles of Zero Trust 4.Getting Started 5.Conclusion PLAN
  14. 14. Principles of Zero Trust Traditional Zero Trust Move away from • Assumptions • Implicit Trust Move towards • Strong authentication • Context • Explicit Trust
  15. 15. Principles of Zero Trust Focuses on protection of data, not on attacks Assumes all environments are hostile and breached No access device until user + device is proven “trusted” Authorize and encrypt all transactions and flows All activity is logged
  16. 16. 7 Zero Trust Foundational Rules 1. All data sources and computing services are considered resources. 2. All communication is secured regardless of network location. 3. Access to individual enterprise resources is granted on a per-session basis. 4. Access to resources is determined by dynamic policy. 5. The enterprise monitors and measures the integrity and security posture of all owned and associated assets. 6. All resource authentication and authorization is dynamic and strictly enforced before access is allowed. 7. The enterprise collects as much information as possible about the current state of assets, network infrastructure and communications, and uses it to improve its security posture. Source: NIST Special Publication (SP) 800-207 (2020), Zero Trust Architecture Principles of Zero Trust
  17. 17. Principles of Zero Trust Source: NIST SP 800-207 ZERO TRUST ARCHITECTURE
  18. 18. Principles of Zero Trust Types of Trust Algorithms • Criteria- versus score-based • Singular versus contextual”
  19. 19. Principles of Zero Trust
  20. 20. 1.Overview of Zero Trust 2.Why Does Zero Trust Matter? 3.Principles of Zero Trust 4.Getting Started 5.Conclusion PLAN
  21. 21. Getting Started • What are your ‘crown jewels’? • Where are they? • Who looks after them?
  22. 22. Getting Started Governance Policy Automation & Orchestration Security Controls Talent & HR
  23. 23. Getting Started Users & Devices • MFA • Biometrics • PKI • IoT Apps & Data • Data Classification • DLP • Microservices • APIs • DevSecOps Networks • Microsegmentation • Cloud • SD-WAN • SASE
  24. 24. 1.Overview of Zero Trust 2.Why Does Zero Trust Matter? 3.Principles of Zero Trust 4.Getting Started 5.Conclusion PLAN
  25. 25. Conclusion • The perimeter no longer exists • Identity and credentials are the new perimeter • Assume breach • Insiders carry the greatest risk – as targets and as threats • Start your Zero-Trust Initiative with Zero-Trust Thinking • Automate & Orchestrate your Security Policy
  26. 26. Call to Action Verify, then trust!
  27. 27. M E R C I ! T H A N K Y O U ! QUESTIONS ?
  28. 28. Resources Microsoft Assessment https://www.microsoft.com/en-ww/security/business/zero-trust/maturity-model-assessment-tool BeyondCorp: Google’s Implementation of Zero Trust https://cloud.google.com/beyondcorp

×