Zeroing In On The Zero Trust Model Via Simulation Platforms

Share on facebook
Share on twitter
Share on linkedin
Share on reddit

A concept receiving much attention lately in public policy circles is Zero Trust. John Kindervag, the Father of Zero Trust, has been getting a lot of speaking engagements suddenly. And for a good reason. Risk Management – or what John refers to call “Danger Management” as ZT and the objects of its attention are only specific dangers posed to an organization ahead of risk management.

But as long as it ends up as part of the solution or the driving motivation for a ZT implementation.

So, What Is Zero Trust?

John will call it a strategy but for me, I see it in application, as an essential principle of Risk Management. A core tenet of the Zero Trust model is to assume that the network has been compromised and includes hostile intruders, which implies an obligation to authenticate and authorize every connected person or device.

Formally defined by NIST, from John Kindervag’s original work in 2008, Zero Trust (ZT) is the term for an evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets and resources. A Zero Trust Architecture (ZTA) uses Zero Trust principles to plan industrial and enterprise infrastructure and workflows. Zero Trust assumes there is no implicit trust granted to assets or user accounts based solely on their physical or network location (i.e., local area networks versus the internet) or based on asset ownership (enterprise or personally owned). See Zero Trust Architecture | NIST.

Why Now?

The acute crisis

Read more

Explore the site

More from the blog

Latest News