So, you’re moving to a Zero Trust security plan. You know the principles of Zero Trust. Great. But you also need to ensure your Zero Trust plan covers all the bases. That means three areas: what your plan covers, when, and where.
Your Zero Trust plan needs to ensure you’re managing access to and from every type of entity. That means access management from:
Key to Zero Trust is the idea that you don’t trust access attempts inside the organization any more than those coming from outside of it. So, when users inside the firewall try to access an application, you manage them largely like you would those outside the firewall.
In addition, Zero Trust doesn’t make exceptions. Your high-security requirements apply whenever someone attempts to access an application or data. When pretty much means always.
Traditional security methods are focused on the endpoints where cyber criminals initiate their attacks. Zero Trust applies everywhere:
Identity and access management tools, such as Single Sign-On (SSO) and Multi-Factor Authentication (MFA), can help you address the what, when, and where. SSO improves both security and ease-of-use, eliminating passwords and using a vetted trust relationship for safe authorization. MFA adds an important level of security by requesting additional data from users to verify they are who they say they are.
Add to this a good identity management system that provides role-based access control and easy provisioning capabilities; a system to protect devices through SSO; and, preferably, risk-based authentication that accounts for contextual information such as the user’s location, IP address, and login time to create user profiles and challenge risky login attempts. These tools, on top of a secure infrastructure with micro-segmentation, will help you implement Zero Trust security in a way that isn’t burdensome to users.
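The risk-based authentication described above can be sketched as follows. This is an added example, not code from any product the article refers to: it builds a per-user profile from past logins (country, network, login hour) and decides whether to allow, challenge with MFA, or deny. The class and function names, the weights, the thresholds, and the sample logins are all assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Login:
    user: str
    ip: str
    country: str
    hour: int  # local hour of day, 0-23

def network_of(ip):
    """Collapse an address to its /24 (IPv4) or /48 (IPv6) network."""
    prefix = 24 if ip_address(ip).version == 4 else 48
    return ip_network(f"{ip}/{prefix}", strict=False)

class RiskEngine:
    def __init__(self, history, challenge_at=30, deny_at=70):  # assumed thresholds
        self.challenge_at, self.deny_at = challenge_at, deny_at
        self.profiles = defaultdict(lambda: {"countries": set(), "nets": set(), "hours": set()})
        for h in history:  # build the per-user profile from past successful logins
            p = self.profiles[h.user]
            p["countries"].add(h.country)
            p["nets"].add(network_of(h.ip))
            p["hours"].add(h.hour)

    def score(self, a):
        p = self.profiles.get(a.user)
        if p is None:
            return self.challenge_at  # no profile yet: never silently allow
        s = 0
        if a.country not in p["countries"]:
            s += 40  # assumed weight
        # No discount for private/internal ranges: an unseen network is unseen.
        if network_of(a.ip) not in p["nets"]:
            s += 30  # assumed weight
        # Circular distance (hours) to the nearest hour the user has logged in at.
        gap = min(min(abs(a.hour - h), 24 - abs(a.hour - h)) for h in p["hours"])
        if gap > 2:
            s += 30  # assumed weight
        return s

    def decide(self, a):
        s = self.score(a)
        if s >= self.deny_at:
            return "deny"
        return "challenge_mfa" if s >= self.challenge_at else "allow"

HISTORY = [Login("alice", "203.0.113.10", "DE", h) for h in (8, 9, 10)]  # constructed sample
```

With this history, a login from an unseen internal address such as 10.0.5.9 is still challenged, which reflects the point that requests from inside the firewall are not trusted more than external ones.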