The concept of Zero Trust and why you should consider implementing it

Introduction

Cyberattacks have grown in size, frequency and sophistication, causing $4.24mn in costs on average. The rise of cloud computing, the shift to remote work following the coronavirus pandemic and legal frameworks like the GDPR have raised the stakes for organizations to protect their sensitive applications and data. The existing “castle-and-moat” paradigm, which trusts users inside the company perimeter, has become obsolete.

Zero Trust Security is an omnipresent buzzword in the cybersecurity space. More and more companies are turning to this new security paradigm, which has one central tenet: Trust nobody — practice zero trust. Does Zero Trust Security really promise to be the much-needed answer to the constantly evolving and emerging cyber-threat landscape?

 

What is Zero Trust?

The Zero Trust approach has one central tenet: nothing inside or outside the company perimeter should be trusted. As a result, every user has to authenticate and prove their identity at every login, every time, before they are granted access to company resources, applications and data.

The Zero Trust Network, or Zero Trust Architecture, was originally developed by John Kindervag in 2010 during his tenure as vice-president of Forrester Research. It represents a shift from the prior “castle-and-moat” approach, in which company-internal systems were protected with a firewall as the moat. This outdated approach, not fit for the age of cloud computing and remote working, assumed that all users inside the company perimeter act responsibly and can be trusted.

As most organizations’ IT security concepts and architectures are still based on this obsolete approach, many massive data breaches occur once a malicious actor has made it inside the company perimeter. Zero Trust architecture puts an end to this: it effectively eliminates the concept of trust from the company perimeter.

With cloud computing and remote working, security must be enforced not only at the perimeter but beyond it, across data centers, cloud, web services and outsourced IT services, instead of being considered in silos.

 

The main components of Zero Trust

What, then, are the components of Zero Trust? Most of these technologies and governance processes have been around for a long time and are now combined with the mission of securing the enterprise IT environment.

The starting point is micro-segmentation and the definition of highly specific perimeters based on data such as users, location and additional data points that evaluate whether a user can be trusted and granted access. Both the identity of the user's endpoint and its security status must be determined. Users are only granted access based on governance policies that determine who can have access to what.

These components include technologies and processes like:

  • Multifactor authentication
  • IAM (identity and access management)
  • Orchestration
  • Analytics
  • Encryption
  • Scoring
  • File system permissions
  • Governance policies (give users the least amount of access they need to complete their tasks)


Where to start

How can companies implement a Zero Trust architecture, and where should they start? Generally, organizations need to prepare for a gradual, long-term shift. For large corporations especially, it is going to be a multi-phase, multi-year transition. The shift to Zero Trust should become part of the overall transition from legacy systems to the cloud. It should be driven by the CISO and CIO, who determine which parts of the IT environment should be prioritized.

Aside from the technological changes and implementations, the mindset of the staff also has to change accordingly. The current illusion is that the internal IT environment is safe and everything within it is trusted. Instead, security executives have to understand that malicious actors are already in their IT environment.

To implement a Zero Trust architecture, organizations must follow these 5 chronological steps.

Micro-segmentation (micro perimeter):

  1. Identify the protect surface: the protect surface defines the most essential, critical data, assets, applications and services in the company network.
  2. Document transaction flow: identify how traffic moves in the organization, who the users are, what applications they use and how they connect.
  3. Build a Zero Trust architecture: create a micro perimeter closely around the protect surface with a next-gen firewall that makes sure only known, permitted traffic and legitimate applications can access the protect surface.
  4. Create Zero Trust policy: leveraging the Kipling method, these policies answer the questions of who, what, when, where, why and how access to company resources is granted through the defined micro perimeters.
  5. Monitor and maintain: the defined Zero Trust policies need to be monitored continuously, e.g. to check whether new elements should be added to the protect surface or some interdependencies have not yet been taken into account.
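
The following added example, which is not part of the original article, shows how a Kipling-method policy from step 4 can be evaluated with default deny while every decision is recorded for the monitoring in step 5; it also applies the user, location and endpoint checks described under the main components. The resource, role and zone names, and the mapping of "how" to MFA and a compliant device, are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import time

@dataclass(frozen=True)
class Request:
    role: str            # who is asking
    app: str             # what application is used
    at: time             # when
    source: str          # where the request originates (network zone)
    resource: str        # protect-surface item being reached
    controls: frozenset  # how: controls this session satisfied

@dataclass(frozen=True)
class Rule:
    resource: str
    who: frozenset
    what: frozenset
    when: tuple          # (start, end), inclusive
    where: frozenset
    why: str             # documented business reason
    how: frozenset       # controls required, e.g. MFA and a compliant endpoint

# Constructed sample policy; all names are hypothetical.
POLICY = [
    Rule("payroll-db", frozenset({"hr"}), frozenset({"payroll-app"}),
         (time(7, 0), time(19, 0)), frozenset({"office", "vpn"}),
         "monthly payroll processing", frozenset({"mfa", "compliant_device"})),
]

AUDIT_LOG = []  # every decision is kept so the policy can be monitored

def evaluate(req, policy=POLICY):
    """Return (allowed, reason); anything not explicitly allowed is denied."""
    decision = (False, "no rule for resource (default deny)")
    for rule in (r for r in policy if r.resource == req.resource):
        checks = {
            "who": req.role in rule.who,
            "what": req.app in rule.what,
            "when": rule.when[0] <= req.at <= rule.when[1],
            "where": req.source in rule.where,
            "how": rule.how <= req.controls,
        }
        failed = [name for name, ok in checks.items() if not ok]
        decision = (True, rule.why) if not failed else (False, "failed: " + ",".join(failed))
        if decision[0]:
            break
    AUDIT_LOG.append((req, decision))
    return decision
```

A request from the office zone that lacks MFA is denied with "failed: how", so being inside the perimeter confers no trust.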


Conclusion

Today’s cyberthreats call for a new security paradigm to protect sensitive data, applications and services in enterprise IT environments. The Zero Trust paradigm eliminates trust from the company perimeter, making it necessary for users to always identify and authenticate themselves before being granted access.

More and more organizations are adjusting their IT environment to reflect this approach, and it is set to become the dominant paradigm over the next 3–5 years. While Zero Trust doesn’t require the implementation of specific solutions, it requires the combined implementation of existing technologies around the definition of micro perimeters. The transition to the Zero Trust paradigm should be driven by the CISO, CIO and executive board and must be accompanied by a mindset shift.
