Once a radical idea, zero trust is now the dominant paradigm in enterprise security, largely supplanting the older perimeter-defense model. And as cybersecurity vendors move toward consolidated security platforms that merge once-separate point solutions, zero trust has emerged as the bedrock that underpins modern security offerings.The zero-trust security model begins with the notion that a network has already been penetrated. As a result, it asks users to authenticate themselves when moving from one part of the network to another, or when asking for access to documents or files that require high security clearance.No user, whether it's a human, a software process, or a device, is ever fully trusted. All are monitored, tracked and verified as they access different parts of the network. Each user gets no more system privileges than needed to perform its tasks, and excessive existing privileges are revoked. Access is based upon user identity, not network location."A modern unified platform needs to be built around the zero-trust concept," says Aviv Abramovich, Head of Security Services Product Management at Check Point. "Less privileges, always verify, continuous verification and an awareness and visibility — if you don't have these specific capabilities, your platform will just be missing some really important components and capabilities.""The fact that I trusted you two minutes ago doesn't mean I trust you now," says Abramovich. "Maybe something has changed. Maybe you, in those two minutes, you managed to get malware on your laptop, or wherever you're accessing, and now I have to take that trust away."
How zero trust became a must-have
The shift to zero trust accelerated during the rapid growth of cloud computing in the late 2010s and was put into hyperdrive by the 2020-22 COVID pandemic and the massive shift to remote work. Zero trust is simply more applicable than the perimeter-defense model to workplaces with many employees working from home, as well as to organizations with many of their assets in the cloud.Zero trust also works well with the on-premises networks and assets that many businesses still retain, so there's no long-term downside in shifting to the new paradigm.Because zero trust bases access upon user identity rather than network location, it's good at handling remote devices and the bring-your-own-device phenomenon.Under the perimeter-defense model, an employee's phone that joins the company wireless network might be able to reach all the systems a company-owned laptop could, but zero trust limits that phone's access. Likewise, an employee-owned computer will be properly managed by zero trust if it joins the network, no matter where it may be physically."You need to think of security holistically," says Abramovich. "Your network actually extends to the employee that sits at home in his slippers, reading his email on his bring-your-own-computer connected to his own Wi-Fi router at home."Abramovich outlines three "pillars" of zero trust:- The principle of least privilege. No user gets any more system or network privileges than necessary.
- No users are implicitly trusted, and all are continually re-verified.
- All users are monitored and tracked, and none get free rein throughout the entire network.





