25 April 2021
Zero Trust: what it is and what it is not
ITProPortal.com published an article by Vadim Chakryan, an information security officer at DataArt, discussing how Zero Trust works, its benefits and pitfalls, and the best ways to get started with the concept.
«The premise of Zero Trust is that there must not be implicit trust granted to any device or subject. Trust must always be verified before granting access to devices and must be regularly re-evaluated. Zero Trust consists of a set of technologies that facilitate constant trust evaluation and control of digital devices, services, and identities.»
«The building blocks of Zero Trust are algorithms that measure trustworthiness and policy enforcement. The policies use trust measurements to identify the level of access to provide to devices and subjects.»
«Zero Trust is not a replacement for a VPN. Moreover, Zero Trust and a VPN might not even complement one another.»
«Even though there are many materials and technologies, it isn’t easy to achieve a full Zero Trust state. It’s hard or even impossible to find one technology or solution that would resolve all the issues involved in achieving Zero Trust in many cases. It’s a journey, not a one-and-done effort.»
Original article can be found here.