Some say it’s more than just a network security measure. What is “zero trust”?

For years, the concept known as “zero trust” has been a watchword in the field of cybersecurity.

The “zero trust” is used by, inter alia, Google and Microsoft.

The basic assumption of this concept is to change the way the entire IT infrastructure is organized. In the old model, all the computers, servers and other devices in the office building were on the same network and “trusted” each other. Firewalls and anti-virus programs were configured to accept all activities within the network.

Also read: Cybersecurity in Polish companies does not look good

The advancement of mobile device technology, cloud services and remote work has radically undermined this type of security. Organizations cannot physically control every device their employees use. And even if they could, the old network model was still vulnerable to attacks.

What then is the concept of “zero trust”? First of all, it requires the company’s employees to prove that they should have access to the IT network. Typically, this means logging into a corporate account with a biometric or corporate security key instead of the standard user names and passwords to make it harder for attackers to spoof your users. Generally speaking, an employee will not be allowed to enter the internal network until they pass the access authorization. The basis then is action based on specific verification, not trust.

Interestingly, proponents of this concept have consistently emphasized that it is not an installable piece of software, but a philosophy, mantra, mindset. They describe it this way mainly so that “zero trust” does not become an ordinary marketing and promotional slogan.

“Zero trust” also means the high cost of implementation and a complete reorganization of the IT infrastructure

The biggest obstacle to the dissemination of the new model is that most of the infrastructure in use today has been designed according to the old network model. The implementation of the zero trust concept would potentially entail new investments and rearrangement of older systems.

Also read: Google Drive with free offline mode

Of course, the new concept of the network does not cure all cyber evil. Security specialists who hack corporate networks to discover potential security flaws began to investigate what it takes to break into zero trust networks. As it turns out, in most cases it is still relatively easy – it is enough to attack those parts of the network that have not yet been modernized according to the “zero trust” concept.