Hard to earn and easy to destroy, trust is crucial not only in interpersonal relationships but in computer systems, too. The problem is that networks and systems were designed from the beginning to implicitly trust any user or transaction that was already inside the perimeter. In most networks, trust was given and never earned. Cybercrime has changed that. If you want to secure your network, you have to understand and implement zero trust concepts.

Zero trust is intentional, and you have to be proactive about it; it doesn’t just happen. According to Microsoft, zero trust is an integrated approach “that explicitly and continuously verifies every transaction, asserts least privilege, and relies on intelligence, advanced detection, and real-time response to threats.”

Next steps

Use least-privileged access: Users should have only the level of access they need to complete their job tasks. Excessive permissions may be convenient, but they are a major security risk: if a user account is compromised, everything that account can reach is exposed, not just what the user actually needed. Multiply that by the number of users with excessive permissions and you have the attacker's effective reach after a single phished credential.

Verify permissions explicitly: When granting access to a user, at a minimum you need to verify that the requesting user is who they claim to be. This is typically accomplished with multifactor authentication. Zero trust takes it a step further by considering additional signals. Is the request coming from a location you expect? Is it coming from a device you know, have enrolled, and can confirm is in good health? Is the user authorized to access information at this classification level? Every one of these checks has to pass; a request that fails any of them is denied by default. Zero trust means you interrogate the access request more stringently, every time, rather than trusting it because it arrived from inside the network.
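The two principles above, least privilege and explicit verification, come together in the access decision. The following is an added example, not code from the original article or from Microsoft: a small fail-closed policy evaluator that checks identity (MFA), location, device enrollment and health, role permissions, and classification, and denies the request if any single signal fails. The roles, networks, devices, and resources it uses are constructed assumptions for illustration.

```python
"""Zero trust access decision: a request is denied unless every required
signal is explicitly verified. Added example; the roles, networks, devices
and resources below are constructed, not a real policy."""
from dataclasses import dataclass, field
import ipaddress

# Constructed role -> permission map. Least privilege: each role holds only
# the (resource, action) pairs its job needs.
ROLE_PERMISSIONS = {
    "analyst": {("reports", "read")},
    "finance-admin": {("reports", "read"), ("ledger", "read"), ("ledger", "write")},
}
# Constructed classification levels of resources and clearance of roles.
RESOURCE_CLASSIFICATION = {"reports": 1, "ledger": 3}
ROLE_CLEARANCE = {"analyst": 1, "finance-admin": 3}
# Constructed trusted networks and managed-device inventory.
TRUSTED_NETWORKS = [ipaddress.ip_network("10.0.0.0/8"),
                    ipaddress.ip_network("192.168.1.0/24")]
DEVICE_INVENTORY = {"LAPTOP-42": {"compliant": True},
                    "LAPTOP-77": {"compliant": False}}


@dataclass
class AccessRequest:
    user: str
    role: str
    mfa_verified: bool
    source_ip: str
    device_id: str
    resource: str
    action: str


@dataclass
class Decision:
    allowed: bool
    reasons: list = field(default_factory=list)


def evaluate(req: AccessRequest) -> Decision:
    """Fail closed: collect every failing signal; allow only if none fail."""
    failures = []

    # Identity: the user proved who they are with a second factor.
    if not req.mfa_verified:
        failures.append("identity: MFA not completed")

    # Location: is the request coming from somewhere we expect?
    try:
        ip = ipaddress.ip_address(req.source_ip)
        if not any(ip in net for net in TRUSTED_NETWORKS):
            failures.append(f"location: {req.source_ip} is not on a trusted network")
    except ValueError:
        failures.append(f"location: unparseable source address {req.source_ip!r}")

    # Device: known to us and currently healthy.
    device = DEVICE_INVENTORY.get(req.device_id)
    if device is None:
        failures.append(f"device: {req.device_id} is not enrolled")
    elif not device["compliant"]:
        failures.append(f"device: {req.device_id} failed health check")

    # Privilege: the role actually holds this exact permission.
    if (req.resource, req.action) not in ROLE_PERMISSIONS.get(req.role, set()):
        failures.append(f"privilege: role {req.role!r} has no {req.action} on {req.resource}")

    # Classification: clearance must meet the resource's level.
    needed = RESOURCE_CLASSIFICATION.get(req.resource)
    if needed is None:
        failures.append(f"classification: unknown resource {req.resource!r}")
    elif ROLE_CLEARANCE.get(req.role, 0) < needed:
        failures.append(f"classification: clearance below level {needed}")

    return Decision(allowed=not failures, reasons=failures or ["all signals verified"])


if __name__ == "__main__":
    requests = [
        AccessRequest("alice", "finance-admin", True, "10.1.2.3", "LAPTOP-42", "ledger", "write"),
        AccessRequest("alice", "finance-admin", True, "203.0.113.5", "LAPTOP-42", "ledger", "write"),
        AccessRequest("bob", "analyst", True, "10.1.2.9", "LAPTOP-77", "ledger", "write"),
    ]
    for r in requests:
        d = evaluate(r)
        print(f"{r.user:6} {r.action:5} {r.resource:8} -> {'ALLOW' if d.allowed else 'DENY '} {d.reasons}")
```

Note that `evaluate` keeps going after the first failure and returns every reason. That is deliberate: the denial is the same either way, but the full list is what you want in the audit log, and it lets you see when a single request trips several controls at once (wrong role and insufficient clearance), which is often the signature of an account being used outside its normal pattern.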

Assume you've already been breached: Zero trust starts from the assumption that attackers are already inside your network, and you design your controls so that a foothold on one machine or account does not become control of everything. No single technique achieves this; some of the things you can do include:

  • Encrypt data in transit end to end, so an attacker with a foothold on the network cannot read or tamper with traffic between systems. Note that this does not protect data on an endpoint that is itself compromised; that is what the remaining controls are for.
  • Put network segmentation in place so that an attacker who compromises one segment has to defeat another control to move laterally, rather than being able to traverse your entire network.
  • Secure how you use local administrative accounts to make it harder for attackers to escalate privileges and hop between machines: for example, give each machine a unique, regularly rotated local administrator password and block local accounts from logging on over the network.
  • Continuously monitor for threats and indicators of compromise, so that when an attacker does get in you can detect the activity, interrupt the attack, and evict them.
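The last two items above meet in one common detection: a local administrator account, which should only ever be used interactively on its own machine, suddenly logging on over the network to several hosts from one source address. The following is an added example, not code from the original article: it parses a handful of constructed logon events (a simplified CSV layout, not any real product's log format) and flags a source that authenticates as the local administrator of three or more distinct hosts within a short window.

```python
"""Assume breach: detect lateral movement via local administrator accounts.
Added example; the log lines and their CSV layout are constructed for
illustration and do not represent any real product's format."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed logon events: "timestamp,host,account,logon_type,source_ip".
# logon_type "network" is a remote logon, "interactive" is at the console.
# Accounts are written DOMAIN\user; a local account's domain is its hostname.
SAMPLE_LOG = """\
2024-03-01T09:00:01,WS-01,corp\\alice,interactive,10.0.5.10
2024-03-01T09:02:11,WS-01,WS-01\\Administrator,network,10.0.5.44
2024-03-01T09:02:40,WS-02,WS-02\\Administrator,network,10.0.5.44
2024-03-01T09:03:05,WS-03,WS-03\\Administrator,network,10.0.5.44
2024-03-01T09:03:30,FS-01,FS-01\\Administrator,network,10.0.5.44
2024-03-01T10:15:00,WS-09,WS-09\\Administrator,interactive,10.0.5.90
2024-03-01T11:00:00,WS-04,corp\\bob,network,10.0.5.50
"""


def parse_events(text):
    """Parse the constructed CSV layout into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, account, logon_type, src = line.split(",")
        events.append({"ts": datetime.fromisoformat(ts), "host": host,
                       "account": account, "logon_type": logon_type, "src": src})
    return events


def is_local_admin(event):
    """True when the account is the built-in administrator local to that host."""
    domain, _, user = event["account"].partition("\\")
    return domain == event["host"] and user.lower() == "administrator"


def local_admin_network_logons(events):
    """Every network logon using a local admin account. Under the policy in
    the text (no network logon with local accounts) each one is suspicious."""
    return [e for e in events if e["logon_type"] == "network" and is_local_admin(e)]


def find_lateral_movement(events, window=timedelta(minutes=5), min_hosts=3):
    """Flag a source address that uses local admin accounts over the network
    on at least min_hosts distinct hosts inside a sliding time window.
    Returns {source_ip: sorted list of hosts touched}."""
    by_src = defaultdict(list)
    for e in local_admin_network_logons(events):
        by_src[e["src"]].append(e)

    alerts = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        for i, start in enumerate(evs):
            hosts = {e["host"] for e in evs[i:] if e["ts"] - start["ts"] <= window}
            if len(hosts) >= min_hosts:
                alerts[src] = sorted(hosts)
                break
    return alerts


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for e in local_admin_network_logons(evs):
        print(f"suspicious: {e['ts']} {e['account']} over the network from {e['src']}")
    for src, hosts in find_lateral_movement(evs).items():
        print(f"ALERT lateral movement from {src}: {', '.join(hosts)}")
```

The interactive logon on WS-09 is left alone: a technician at the console using the machine's own administrator account is the one legitimate use. Bob's network logon is a domain account and is handled by ordinary domain monitoring. Only the burst from 10.0.5.44, four different machines' local administrators in under two minutes, produces the alert, which is the pattern you see when a shared local administrator password is being replayed across the estate.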