
Zero Trust Cybersecurity
Strengthen security while improving productivity
What is Zero Trust?
Zero Trust is the term for an evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets, and resources. It is an identity-based security model, as opposed to a perimeter-based security model.
Zero Trust assumes there is no implicit trust granted to assets or user accounts based solely on their physical location, network location, or asset ownership. Trust is removed from digital systems, and instead evaluated on a per-transaction/per-session basis.
Why Zero Trust?
Remote workforces. Cloud computing. SaaS. Perimeters as we once knew them are gone. Infrastructure is no longer centralized on-prem and users are connecting to enterprise resources remotely. Office-centric and data center-centric security tools like legacy VPNs and network access controls (NACs) are obsolete.
Zero Trust brings improvements in efficiency and effectiveness through the automated enforcement of dynamic and identity-centric access policies. While this may seem complicated, its breadth of scope actually helps simplify enterprise security and architecture.
Zero Trust is a journey.
From NIST SP 800-207 Zero Trust Architecture:
Implementing ZTA is a journey rather than a wholesale replacement of infrastructure or processes. An organization should seek to incrementally implement zero trust principles, process changes, and technology solutions that protect its highest value data assets.
Every Zero Trust Journey is unique
A Zero Trust security strategy cuts across typical boundaries - identities, applications, data, operations, and policy. With such a broad scope, your Zero Trust strategy is intrinsically unique to your business.
Approach and Methodology
Design Principles
We follow Zero Trust Design Principles espoused by NIST and industry leaders.
- Zero Trust needs to align with business outcomes, not prevent the business from operating effectively.
- Start with the thing you want to protect. Identify the workflows, who would be doing them, and what they would be doing (apply the Kipling method).
- Knowing who/what needs access is key. In Zero Trust, access can only be obtained through evaluation and assignment of a policy to an identity.
- All traffic going to and from a protect surface must be inspected and logged for malicious content and unauthorized activity, up through Layer 7.
Methodology
Start small and iterate.
Begin with a “learning protect surface”, work through the process, then move on to a “practice protect surface”.
Once fluency is established, apply to the most critical protect surfaces in the organization and work backwards from there.
Typical Work Packages
- Security Assessment
  There is a baseline of cybersecurity competence that an organization must have before it becomes possible to deploy a Zero Trust Architecture. We work with you on IAM, networks, assets, and technical capabilities to develop a clear picture of security posture and Zero Trust readiness, along with a plan to get there.
- Zero Trust Strategy
  A Zero Trust strategy is unique to each business. We work with you to produce the desired target state, articulating the necessary components such as Policy Enforcement Points, Policy Decision Points, Identity Platform, and how your Zero Trust Architecture fits into the broader organizational security landscape.
- Zero Trust Execution
  Using our design principles, we work with your teams through our methodology to implement the Zero Trust Architecture, starting with prerequisites, then protect surfaces. This results in expertise within your organization using an iterative, outcome-based approach with increasing coverage across protect surfaces.
Other Zero Trust Services
Our services are customized to your unique business model and needs. These work packages are examples of outcomes we can help produce, but are in no way exhaustive. Our cybersecurity experts will work across your security, risk, technology, and executive teams to achieve the outcomes your business needs.