Ever Wonder Where the Idea for Zero Trust Security Came From?

Zero-trust, an approach to cybersecurity gaining traction in the industry, is perhaps the most effective way to secure your business’ infrastructure. We want to take some time today to discuss how zero-trust came to be and how it compares to today’s cybersecurity threats.

The Father of Zero Trust: John Kindervag

Of all things, former broadcast engineer and computer animation specialist John Kindervag credits the video game Doom for his interest in networking.

How Smashing Demons Built the Most Secure Networking Strategy to Date

Back in the day, Kindervag convinced his supervisors that they should build an ethernet network to help transfer animated files, which were too large at the time to be shared any other way.

Of course, we know today that these ethernet networks were built to support the after-hours Doom parties hosted in the office. This wasn’t exactly an uncommon practice, either. You’d be surprised to learn just how many advancements in computers and networking were made for the express purpose of playing Doom.

While working with these networks, however, Kindervag discovered they were not secure.

In truth, little attention was paid to security. The sole measure in place was a firewall to protect from external threats. There was no stopping anyone who wanted to remove data from the network, and the trusted, internal network built for the business could allow data to be shared with an untrusted, external network (read: the Internet).

Claiming this idea was “insane,” he sought to build a system with zero inherent trust in all interfaces… and the rest is history.

Explaining the Concept of Zero-Trust

A zero-trust system requires five steps:

Step One: Defining the Protect Surface
As Kindervag puts it, “Zero Trust inverts the traditional problems of cybersecurity. Instead of focusing on what's attacking you, it focuses on what I call the Protect Surface. What do I need to protect?”

Take steps to identify the data you should protect; this will help you determine the scope of your data protection needs.

Step Two: Mapping Your Data
You need a holistic understanding of how your business and its systems interact with your IT infrastructure. This includes users, their purposes, and how the system allows for data storage and transfer.

Step Three: Designing an Architectural Framework
Build a framework that addresses the specific needs you outlined in the previous steps. While your framework might look like someone else’s, it should be customized to suit your business. The audits and mapping will help you along the way.

Step Four: Creating Your Zero-Trust Policies
Now, it’s time to set restrictions on who can access what data, how they can access it, when they can access it, where they can access it from, and for what purpose. These parameters should be set for every user, role, device, and network.

Step Five: Monitoring and Enforcing Compliance
Finally, it’s time to monitor your network and address any oversights or loopholes before they impact your security infrastructure.

Here Is Some Advice from Kindervag

A key takeaway from Kindervag: security issues like ransomware and other threats don’t care if you’re a small business or a major enterprise.

You can expect that everyone in today’s connected, online world will be at threat and subject to various repercussions—many of which are difficult to predict. For example, there’s even a niche ransomware that specifically targets a Swiss Alps dairy farmer and his milking machines. Even if the farmer could milk his cows manually, he would still have to deal without access to telemetric health data, which could help him avoid his cows dying.

These losses are preventable, and if businesses implement appropriate security measures (like zero trust), they can take a proactive stance and minimize the damage done by threats.

Let Us Help

Don’t let a fear of cybersecurity threats hold you back. Instead, use it to fuel your desire to improve your organizational security. Learn more by calling us today at 02 98730080.