Backups are NOT enoughThe world has gone crazy with the plethora of ransomware attacks over the past couple of years. Companies and people are responding by…Dec 9, 2021Dec 9, 2021
Access to resources is granted on a per-session basisWhat this means is that any trust relationship can and should never extend beyond a single session. If/when a new session is requested, the…Oct 28, 2021Oct 28, 2021
Ensure that you treat all systems, devices, data sources, etc. as protected resourcesToday over 30% of data attacks and compromises come from inside the organization. And, most external attacks come from compromised user…Oct 26, 2021Oct 26, 2021
With Zero Trust, you MUST secure all communication, no matter where they come fromThe concept of a Zero Trust network access (ZTNA) contrasts with traditional access solutions. Traditionally, if a user was inside the…Oct 19, 2021Oct 19, 2021
The 7 Tenets of Zero Trust SecurityThere is no shortage of definitions for Zero Trust around the internet. While there is no single definition of zero trust, it helps to have…Oct 18, 2021Oct 18, 2021
How Zero Trust could have prevented the colonial pipeline attack.Let’s step through an example. Paul is a malicious actor. He is sitting in a coffee shop and notices someone head to the restroom, and…Oct 15, 2021Oct 15, 2021
The Six Elements of the Zero Trust Security ModelBelow is a graphical representation of the 6 elements of the Zero Trust Security model that we discussed above. Here I am breaking devices…Oct 14, 2021Oct 14, 2021
Signal, Decision, Enforcement — The 3 steps in Zero TrustI talked previously about the 6 foundational elements of a Zero Trust security model: identities, devices, applications, data…Oct 14, 2021Oct 14, 2021
In a model of perimeter security, everything inside the internal network is considered reliable and…Zero Trust is a new model that no longer relies on a privileged corporate network. Access depends solely on the device and user…Oct 13, 2021Oct 13, 2021
An introduction to Zero Trust SecurityZero Trust is a security framework requiring all users, whether in or outside the organization’s network, to be authenticated, authorized…Oct 13, 2021Oct 13, 2021