What is Zero Trust?
Zero Trust is an approach to cybersecurity rooted in the philosophy of “trust no one and nothing.” It is increasingly difficult to secure data in evolving business environments. The traditional security model implicitly trusts users and devices once they access the network. Instead, this approach trusts no one by default, and requires continuous verification from everyone, on every device, trying to gain access to resources on the network. Zero Trust verifies user identity and privileges as well as device identity and security.
What is Zero Trust Architecture (ZTA)?
Zero Trust Architecture is the framework used to ensure that only authorized individuals, devices, and applications can access an organization's systems and data. ZTA is all of the systems, applications, and protocols used for denying access by default, verifying every identity, validating every device, and intelligently limiting access to every resource.
What are the ZTA requirements?
ZTA requires SLAC to continuously monitor and validate every user and every device. This ensures they have the right privileges and attributes to access SLAC-supported applications and networks. It requires enforcement of a policy that considers the risk of the user and device before permitting any transaction. It requires that SLAC know all of their accounts, and establish controls about what and where they connect.
Zero Trust adoption requires the engagement and collaboration of SLAC IT and Cyber Security with science and mission support communities. SLAC has multiple projects underway to implement and comply with foundational ZTA pillars.