Definition of the Zero Trust model
The Zero Trust model radically changes the way security is thought about. It rests on a very simple idea: never trust anyone, whether the user is internal to the company or external. Users must systematically authenticate and prove their "health status" before accessing company resources.
This model is the opposite of the one deployed to date in the majority of companies, which is based on the fortified castle.
You have perimeter protections all around your security area. But once you have passed the castle gate, you are allowed to go anywhere in the estate. Trust is established the moment you step in and is not questioned afterwards. This is clearly one of the flaws of the model: if a hacker manages to impersonate one of your collaborators, he will have access to everything on your network!
The reasoning behind Zero Trust is simple: only let in users who have shown their credentials, and keep checking, throughout their time in the company, that they only access resources for which they have received clearance.
This model is based on the following fundamental principles:
- Ensure secure access to all resources, regardless of the place of connection;
- Adopt the principle of least privilege and impose strict access control;
- Keep a log and analyze all traffic;
- Assign employees and administrators minimum permissions to access company resources;
- Invest in tools to control the network.
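The contrast between the two models can be shown in a few lines of Python. This is an added example, not part of the original post: it compares a "fortified castle" decision with a per-request Zero Trust decision that checks authentication, device health and least-privilege grants, and logs every decision. The user names, grants table, IP prefix and field names are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed sample data: per-user grants (least privilege) and the
# address prefix that counts as "inside the castle".
GRANTS = {"alice": {"payroll-db"}, "bob": {"wiki"}}
INTERNAL_PREFIX = "10."
AUDIT_LOG = []  # every decision is recorded, allowed or denied


@dataclass(frozen=True)
class Request:
    user: str
    authenticated: bool    # authentication verified for this request
    device_healthy: bool   # "health status" of the device (assumed check)
    source_ip: str
    resource: str


def perimeter_decision(req: Request) -> bool:
    """Fortified castle: being inside the network is the only check."""
    return req.source_ip.startswith(INTERNAL_PREFIX)


def zero_trust_decision(req: Request) -> bool:
    """Every request is checked; network location grants nothing."""
    if not req.authenticated:
        reason = "not authenticated"
    elif not req.device_healthy:
        reason = "device failed health check"
    elif req.resource not in GRANTS.get(req.user, set()):
        reason = "no grant for resource"
    else:
        reason = "ok"
    allowed = reason == "ok"
    AUDIT_LOG.append((req.user, req.resource, req.source_ip, allowed, reason))
    return allowed


# Constructed scenario 1: bob's identity is impersonated from inside the network.
stolen = Request("bob", True, True, "10.0.4.7", "payroll-db")
# Constructed scenario 2: alice works remotely from a healthy device.
remote = Request("alice", True, True, "203.0.113.9", "payroll-db")
# Constructed scenario 3: alice is in the office on a device that fails the health check.
unhealthy = Request("alice", True, False, "10.0.2.3", "payroll-db")
```

With the perimeter check, the impersonated account reaches the payroll database simply because the request comes from inside; with the Zero Trust check it is denied for lack of a grant, and the denial is in the audit log.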
Why deploy a Zero Trust model
In France, in 2019, 65% of companies were victims of cyber attacks. Almost 60% of them said they had suffered damage to their activities. The financial losses are estimated at € 1.6bn, with a cost per company of around € 51k.
These statistics illustrate the scale of the financial loss and the challenges businesses face today.
The opening of companies' information systems (IS) to the Cloud, the use of mobile devices and teleworking: all of these are essential solutions for companies, and they make it even more important to verify users' rights before giving them access. Today, data is no longer only in the "fortified castle"; it is found in different places of the IS, both internal and external to the company. Data is accessed through different solutions and from multiple locations.
It becomes necessary to ensure that each element of the IS is well under control and can only be accessed by duly authorized users.
Zero Trust: a clever cohabitation with old solutions
The Zero Trust model requires thinking differently about security to always be one step ahead of hackers.
New threats and new ways of accessing corporate resources require rethinking the means of protection. Zero Trust is clearly identified as a well-suited method for meeting new business challenges.
However, perimeter security should not be abandoned in favor of a full Zero Trust approach. Many companies have chosen to operate in hybrid mode because they have not yet taken the step to full Cloud. This hybrid operation remains relevant until the entire information system infrastructure has completely migrated to the cloud.