Zero Trust
Overview
Zero-Trust security. Switch from a perimeter-based (firewall and VPN) model of access to a user to resource model.
Implement strong, simple identity. Identity for both a person, but also a system. Decouple the identity from the corporation: make it affinitive to the user, a single identity.
Enforce entitlements and authorisation in the network.
This micro-segmentation is simpler to use, more accessible, and, more secure. It reduces the lateral-traversal, it empowers the users, it increases the audit capability. And, its more economical, more scalable. Everybody wins.
Articles
Devices on industrial control system networks are ill-equipped for the hardships associated with the Internet and remote access. Low-speed processors, infrequent firmware upgrades, spotty security research, Common Vulnerabilities and Exposures (CVE) publishing, etc. This leads to a natural conflict: the operator is …
Cybercriminals had a record breaking year with the business cost of a cyber breach reaching new heights in 2021. With clear cybersecurity goals in mind, businesses can avoid becoming just another hacking news headline.
Who are you? Identity involves knowing who you are, and then later proving it. NIST sp 800-63A enrollment is the first step, let’s talk about that!
Zero-Trust Network Architecture has 3 steps: Authenticate (Who), Authorise(What), Access(How). 3 Levels of strength of the who are defined in NIST sp 800-63B. Does the goldilocks principle apply to you? Read on!
Reconfigure a VoIP PSTN gateway remotely via Zero Trust with Multi-Factor Authentication and single-sign-on to avoid a DDoS.
e encouraged to create API keys by many SaaS tools, and, these present real authorisation challenges.