What is a zero trust network? Definition, Pros and Cons – Forbes Advisor

In addition to the four principles, there is a five-step process for actually implementing zero trust. As an approach to cybersecurity, zero trust starts with considering what you as an organization or company need to protect.

“By understanding what you need to protect and what things are sensitive to your organization, you can begin to understand how you need to protect it,” Kindervag says. When Kindervag consults with a company or organization, this is the first question he asks, as it determines the future plan.

These five steps to implementing zero trust can be applied to any type of company of any size—from a one-person company to a business with thousands of employees.

This five-step process, as outlined in the NSTAC report, is as follows:

1. Determine your protective surface

A protective surface is the area that an organization must protect. The first step is to define the DAAS elements (data, applications, assets or services) and place them into a protective surface. Below are examples of what can end up on the protective surface.

  • Data: Sensitive data that could pose the greatest risk to your company if stolen or used for malicious purposes. Credit card information, medical information, personally identifiable information (PII), and sensitive information are all examples.
  • Applications: This applies to applications that require the use of sensitive data or control of critical assets.
  • Assets: This includes information technology (IT), Internet of Things (IoT) and operational technology.
  • Services: These are the services the company relies on the most. This may include the Domain Name System, Dynamic Host Configuration Protocol, and directory services.

2. Map transaction flows

The next step is to map the transaction flows into and out of the protective surface to understand how the networks operate. This includes how the various DAAS components interact with the network, and it helps determine where to install the necessary controls.

3. Create a Zero Trust Architecture

The third step is to implement appropriate controls to protect the system you are building. “How traffic moves across the network, specific to the data on the protected surface, should drive the design. Architectural elements cannot be specified in advance, although a good rule of thumb is to place controls as close to the surface to be protected as possible,” the NSTAC report states.

“We always started with the controls before we understood the system, and that’s why we failed, because the controls didn’t meet the needs of the system. You have to understand the system before you decide how you’re going to protect it from a technology standpoint,” Kindervag says.

4. Create a Zero Trust Policy

This is where you determine who or what can access your protective surface. Zero trust is based on the principle of providing specific access only to those who need it.

5. Network monitoring and maintenance

The last step is to check and record all traffic. “Telemetry of this process helps prevent serious cybersecurity events and provides valuable information about improving security in the long term. As a result, each subsequent protective surface can become stronger and better protected over time,” the NSTAC report states.
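
The steps above can be sketched in code. This is an added example, not taken from the article or the NSTAC report: it maps flows into a small protective surface, applies a default-deny policy, and records a verdict for every flow. All hosts, identities, ports and rules are constructed sample values, and only inbound flows are modelled.

```python
from collections import Counter

# Step 1: protective surface as DAAS elements (constructed inventory).
PROTECTIVE_SURFACE = {
    "10.0.5.10": ("data", "cardholder-db"),
    "10.0.5.20": ("applications", "billing-app"),
    "10.0.5.53": ("services", "dns"),
}
# Constructed flow records: (source identity, destination IP, destination port).
FLOWS = [
    ("billing-app", "10.0.5.10", 5432),
    ("billing-app", "10.0.5.10", 5432),
    ("hr-laptop-17", "10.0.5.10", 5432),
    ("billing-app", "10.0.5.53", 53),
    ("hr-laptop-17", "10.0.9.80", 443),  # destination is off the protective surface
    ("clerk-alice", "10.0.5.20", 443),
]
# Step 4: explicit allow rules (who, DAAS element, port); anything else is denied.
POLICY = {
    ("billing-app", "cardholder-db", 5432),
    ("billing-app", "dns", 53),
    ("clerk-alice", "billing-app", 443),
    ("backup-job", "cardholder-db", 5432),
}

def map_transaction_flows(flows, surface):
    """Step 2: count flows into the surface, keyed by (source, element, port)."""
    flow_map = Counter()
    for src, dst_ip, port in flows:
        if dst_ip in surface:
            flow_map[(src, surface[dst_ip][1], port)] += 1
    return flow_map

def evaluate(flow_map, policy):
    """Steps 4 and 5: default-deny verdict per mapped flow, kept as telemetry."""
    log = []
    for (src, element, port), count in sorted(flow_map.items()):
        verdict = "allow" if (src, element, port) in policy else "deny"
        log.append({"source": src, "element": element, "port": port,
                    "count": count, "verdict": verdict})
    return log

def unused_rules(flow_map, policy):
    """Step 5 maintenance: allow rules that no observed flow exercised."""
    return sorted(policy - set(flow_map))

if __name__ == "__main__":
    fm = map_transaction_flows(FLOWS, PROTECTIVE_SURFACE)
    for entry in evaluate(fm, POLICY):
        print(entry)
    print("unused rules:", unused_rules(fm, POLICY))
```

Denied entries show access that the policy never granted, while unused rules are candidates for tightening as the protective surface is maintained over time.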