Friday Mar 12, 2021
#20 - Zero Trust
Would you actually like to learn about what Zero Trust is without a bunch of marketing jargon? On this week's episode G Mark Hardy and Ross Young provide a thoughtful discussion on Zero Trust from NIST and Microsoft:
- Microsoft's Zero Trust Principles
- Verify Explicitly
- Use Least Privileged Access
- Assume Breach
- NIST 800-207 Seven Tenets of Zero Trust
- All data sources and computing services are considered resources
- All communication is secured regardless of network location
- Access to individual enterprise resources is granted on a per-session basis
- Access to resources is determined by dynamic policy
- The enterprise monitors and measures the integrity and security posture of all owned and associated assets
- All resource authentication and authorization are dynamic and strictly enforced before access is allowed
- The enterprise collects as much information as possible about the current state of assets, network infrastructure, and communication and uses it to improve its security posture
- Six Foundational Elements of Zero Trust
- Identities
- Devices
- Applications
- Data
- Infrastructure
- Networks
Comments (0)
To leave or reply to comments, please download free Podbean or
No Comments
To leave or reply to comments,
please download free Podbean App.