Part 1: Zero-trust is not a “solution”

Yogesh Gupta
Aug 13, 2022


Every security vendor that I have met and who has given a presentation to me in the last six months starts with either a zero-trust “solution” or a SASE “solution”. It has reached a point where I think there are only two security solutions sold in the market today — Zero Trust and SASE. I will come to SASE in a later blog. But...

C'mon guys, Zero Trust is a solution? When? How? The vendors are selling it and organizations are buying it as well... Hate to say that security vendors are driving security initiatives in most organizations, and this is because of a lack of cyber security skills...

I would say Zero Trust is a security strategy or framework, and the end goal is to make sure you can eliminate the risks from users, devices, servers or any other resource that is accessing your IT infrastructure. How do you make sure a person who is at your door does not gain access without you making sure he is absolutely no harm to you?

As an organization, you need to put your heads together and plan a strategy. Some of the considerations are:

  1. How do you make sure users who are trying to access the infrastructure are genuine users? How do you make sure that a compromised identity has not been used to log in? Do you have MFA in place?
  2. How do you make sure the device that is used to log in is not compromised? How do you make sure that the device is not part of any botnet? How do you make sure there is some EDR solution in place? Or how do you make sure anti-virus / anti-malware is installed?
  3. How do you make sure that when the user is connected, malicious download of data will not happen? How do you make sure the user will not download confidential and sensitive data of the organization? Does the endpoint have a DLP solution installed? Do you have a CASB deployed to enforce DLP policies for SaaS applications?

So, there are a lot of aspects that need to be documented in order to have a sound “zero-trust” approach.

Zero-trust cannot be achieved just by putting in a set of solutions from a vendor. There are a lot of technical and non-technical aspects that come into play.

We will discuss each and every aspect in the coming blogs...


Yogesh Gupta

Security Transformation (SX) Advocate, Cloud & Digital Security