Zero Trust - RH-ISAC Blog

Despite all the marketing hype related to ZTA, at the end of the day, it may not make sense for all organizations, particularly those in less risky environments to implement or pursue all components. That said, all organizations can learn from the tenets and leverage them to improve their security posture. In the preceding series,…

Based on the pillars discussed in the earlier series posts, nothing changes when approaching data security – we start with knowing what is – at a minimum, organizations need to identify and categorize sensitive, regulated, operationally critical data, etc. Data Labeling and the Categorization of Critical Data Types This process will involve mapping all the…

The Basics There are some straightforward, yet specific, tool-related recommendations organizations can implement at near zero additional cost to maximize investments already made in their environment. Initially, when folks think about network security for organizations, network appliances like firewalls (FW) come up in conversation. Less commonly discussed is how permissive the FW rules are. Too…

From the onset, access control is the most dynamic pillar in the ZTA implementation process. New accounts need to be created for legitimate business use, accounts likely need varying degrees of access, and account revocation for individual accounts and a mass list is always a concern. Identity and Access Management (IAM) Basics The quest towards…

Now that we have it defined, how do we practically approach the path to zero-trust architecture (ZTA) and why does it matter? Suppose we start the ZTA discussion by agreeing on a standard definition in its simplest form, i.e., limiting the impact of any unauthorized events by design. Many current industry definitions summarize the key…

I see so many people reference zero trust as a product, something that you achieve simply by plugging it into a network or installing it on a computer, but it is, in fact, quite the contrary. Zero trust is an action, a process in which you deny everything by default and only give access to…

Over the last few years, zero trust has become the latest buzzword in the security industry, right up there with digital transformation and shift left. For many, zero trust is seen as a marketing ploy, designed to sell yet another product. For others, zero trust is an abstract ideal with no clear implementation path. In…

The last few years have been challenging for cybersecurity departments who were forced to adapt quickly to rapid digitalization in the face of the COVID-19 pandemic. An expanded attack surface has presented new opportunities for cyber criminals, but developing technology holds possibilities for more efficient protection. Here are just a few of the cybersecurity predictions…