One Article Review

Source AlienVault Blog
Identifier 1658169
Publication date 2020-04-16 12:00:00 (seen: 2020-04-16 13:01:04)
Title 7 key steps to Zero Trust
Text This is part 3 of a 3-part blog series.

My last two blog entries provided some key elements of a Zero Trust Network (ZTN), focusing on the tenets of zero trust and on how confidence in untrusted traffic is gained and that traffic is authorized on a continual basis. The comprehensive nature of Zero Trust can be a little overwhelming in a world of limited resources, time and budgets. As security breaches persist, organizations understand that something must be done, and Zero Trust is most certainly worth looking into.

As an organization begins its journey to Zero Trust – first acknowledging that it is, in fact, a journey involving lengthy cycles of assessing, planning, architecting and designing, piloting and implementing – it is important to understand how far you want to take this journey and then follow an overall roadmap to get you there. At a high level, this plan or roadmap should cover the following:

Develop a strategy – Understand first why you want to take the organization to Zero Trust. What are the overall goals of the business? Do you only want to target a specific portion of your network, or the entire enterprise? Will you only be implementing a software-defined perimeter, washing your hands and saying “Done!”? Mapping the business’ goals to the cyber threats putting those goals at risk will help formulate the Zero Trust strategy to mitigate that risk. This will help you build your case and get executive buy-in, because without that you will not have the support you need to see this journey to the end. The length of your journey will be determined by the strategy. Given the broad nature of Zero Trust, many key departments of the business, such as development, finance, legal and HR, should also be involved and/or consulted in the overall composition of the strategy. Involving the right people early on in the process not only fosters better communication, but also helps to provide for a successful deployment overall.

Define your Element of Protection – As your strategy is being developed, you need to understand what you are trying to protect. Most likely your defined element or elements of protection are your business data. You need to determine what part of your business assets will be protected. Will it be only sensitive data? Customer data? All data? What are the varying levels of data you need to protect? PCI and ePHI data, for example, may have different classifications than financial records or product designs. You need to classify all data to understand how it is to be protected.

Enumerate your data & traffic flows – The next step is to see where that data is stored, where it is going, and who or what is handling that data. This is a critical step since it will drive the bulk of the policy decisions in your architecture. You also don’t want to complete your Zero Trust journey only to discover a breach still occurred because of some neglected area. Mapping these transaction flows will also utilize asset and application inventories, and an overall taxonomy of these will be used for other development areas. For example, a data transaction that is discovered running from an application server to a database will involve cataloging the access requirements of the application, the users that access that application, how they access the data, the application owners, system owners, supported developers, database owners and administrators, and the communication requirements on the network. As much information as can be obtained for each component of every step along the flow will gain you enormous ground in developing policy and the components of automation that dynamically change that policy.

Assess Your Zero Trust Maturity – Many organizations already have various elemen
Sent Yes
Tags Vulnerability Threat


The article does not appear to have been picked up after its publication.


The article does not appear to be a repost of an earlier one.