Home Salesforce What is Zero Trust Security?

What is Zero Trust Security?

by Dhanik Lal Sahni
Zero Trust Security

Zero Trust is a security framework requiring all users, whether in or outside the organization’s network, to be authenticated, authorized, and continuously validated for security configuration and posture before being granted or keeping access to applications and data.

The main concept behind the zero trust security model is “never trust, always verify,” which means that devices should not be trusted by default.

Principles of Zero Trust Security

There are three basic principles that form the foundation of the ZT security model.

1. Continuously Verification

Continuous verification means no trusted zones, credentials, or devices at any time. Hence the concept is “Never Trust, Always Verify.” Zero Trust verifies user identity and privileges as well as device identity and security. Logins and connections time out periodically once established, forcing users and devices to be continuously re-verified.

2. Least Privilege

Least privilege access means giving users only as much access as they need. This minimizes each user’s exposure to sensitive parts of the network.

3. Device Access Control

Zero Trust requires strict controls on device access. Zero Trust systems need to monitor how many different devices are trying to access their network, ensure that every device is authorized, and assess all devices to make sure they have not been compromised. This further minimizes the attack surface of the network.

Zero Trust Frameworks

These are widely used Zero Trust frameworks we can use as guidelines in implementing Zero Trust

  1. Forrester’s The Definition Of Modern Zero Trust
  2. Gartner CARTA 
  3. Google’s BeyondCorp
  4. Identity Defined Security Alliance (IDSA) Framework
  5. National Institute of Standards and Technology (NIST) Special Publication (SP) 800-207 Zero Trust Architecture (ZTA)

Summary:

Zero Trust involves a new approach that denies access to applications and data by default. And it relies on least privilege access and comprehensive security monitoring to maximize defense against security threats.

References:

Zero Trust Security

You may also like

Leave a Comment

Salesforce Summer’22 Enhancement in Nonprofit and Education Salesforce Summer’22 Enhancement in Loyalty, Public Sector, Media, Energy & Utilities Salesforce Summer’22 Enhancement in Health, Manufacturing, Consumer Goods Cloud Salesforce Summer’22 Enhancement in Financial Cloud Salesforce Summer’22 Enhancement for Platform UI