Zero Trust: The New Security Paradigm
Key Points
- Zero trust is a security strategy that rejects implicit trust based solely on factors like a device’s network location or a user’s badge, requiring continuous verification for every connection.
- It isn’t a single product or technology you can buy; it’s a strategic approach built around three core principles.
- Traditional perimeter defenses have become ineffective as remote work and hybrid‑cloud environments blur network boundaries, making “inside” versus “outside” meaningless.
- The three zero‑trust principles are: (1) never trust, always verify every access attempt; (2) enforce least‑privilege access for users and applications; and (3) assume a breach will occur and design robust incident‑response plans.
- IBM can help organizations adopt this zero‑trust model by providing services and expertise to implement continuous authentication, least‑privilege controls, and breach‑simulation readiness.
**Source:** [https://www.youtube.com/watch?v=yn6CPQ9RioA](https://www.youtube.com/watch?v=yn6CPQ9RioA) **Duration:** 00:03:42
Full Transcript
Zero trust is a security strategy that says you shouldn't grant implicit trust to a user, device or an application based solely around some property about them, like their network location. Over the next few minutes I'll explain exactly what we mean by this and how IBM can help.
But let's be really clear up front: zero trust isn't something that can simply be delivered by implementing a new piece of technology, nor is it a point product or service that you can just go out and buy. It's a security strategy that has three core principles. But before I come on to those, let me explain why organizations are increasingly moving on from the previous popular model of perimeter security.
Firstly, there's this somewhat medieval notion that you have a perimeter to your network where you build the walls as high as possible and try and stop malicious actors at the gates. This no longer works because employees are working from home more than they're working from the office, and because hybrid cloud is now clearly the preeminent platform for enterprise infrastructure, so it's an increasingly complex problem to even define a perimeter.
Secondly, the concept of trust is a very human one that we've taught computers to adapt to. For example, if I see Helen every day in the office wearing her employee badge, I trust that she's an employee and is there for the right reasons. In reality, I don't actually know that she wasn't let go last week for misconduct and is now back in the office trying to steal corporate data. So a computer security model based on a human definition of trust is inherently flawed, particularly in a world where attackers are finding it easier than ever to steal credentials and disguise themselves as trustworthy. Without a zero trust security model, once an attacker is in the corporate network they can move laterally to new systems with relative ease.
This brings me on to the first defining principle of the zero trust model: never trust, always verify. Just because somebody's on your corporate network and is carrying that badge with an employee name on it doesn't mean that they are who they say they are, or that they're necessarily well intentioned. So this "always verify" piece refers to the fact that every time something like a user, device or application tries to make a new connection attempt, that attempt should be rigorously authenticated and authorized, and not simply trusted because it's coming from inside the corporate network, for example.
Implement least privilege is the second core principle of a zero trust architecture, which says you should only grant users and applications the minimum amount of access that they need to perform their job effectively, and no more. Privileged access management is a great way of implementing least privilege for admin users, for example.
And then finally, assume breach. This is my favorite of the zero trust principles because it encourages teams to plan for the worst case scenario and build robust and tested incident response plans, so that when attacks do occur the time to respond is rapid and well practiced. Not only this, but this principle encourages organizations to shrink the target and the impact zone of an attack through networking principles like micro segmentation.
So how can IBM Security help? We recognize that different clients will have different business drivers and priorities for why they want to deploy zero trust, so we've created four actionable blueprints depending on where you want to start. They are: reduce the risk of insider threat, secure the remote workforce, preserve customer privacy, and protect the hybrid cloud. You can download these, with no form filling required, from ibm.com. Thanks for watching.