Thom explains Zero Trust Networks
Who should you be trusting? JUMPSEC cyber security expert Thom explains what is meant by the term “Zero Trust Network” in this edition of JUMPSEC’s Jargon Buster Series – helping you navigate Cyber Security Terminology.
“On typical networks, all users who are able to access the network – either by password authentication or physical access – are somewhat trusted. Zero trust networks do exactly the opposite, granting no privileges or trust to users who are connected. Zero trust networks provide the bare minimum, usually simple Internet and printer connectivity. In order for users to access network resources, strict identity verification checks are performed (such as password-authenticated VPNs). This added layer of security means that even if an attacker could gain access to a network, they would be unable to interact with any critical resources on the network.
A zero trust network is a security platform that trusts no one from both inside or outside the network. It requires strict identify verification by incorporating several different security principles and technologies for every person and device trying to access resources on a private network. This is an added layer of security to prevent data breaches.
Zero trust networks are used by companies who want to uphold a strong security stance. By not trusting anyone regardless of whether they’re on the network, and requiring all users to provide additional authentication, it prevents attackers who are able to access the network from gaining access to critical resources. Limiting the exposure that business critical assets have to all users except those who have demonstrated a high level of authorisation reduces the risk these assets pose within an organisation.”