1. Zero-Trust Architecture Enhances Government Security
Zero trust is a security architecture that focuses on protecting resources (assets, services, workflows, networks, etc.), not network segments. Its guiding principles are to never trust and always verify, to assume a breach is going to happen, and to verify explicitly.
Unlike traditional perimeter network defense methods, zero trust assumes that any touchpoint on a network represents an attack vector for a hacker. In a zero-trust model, the network validates all user access requests before granting access to critical assets.
While zero trust doesn’t safeguard networks from every possible attack, it reduces the risk of advanced threats and breaches by thwarting unauthorized lateral movement and access, speeding up threat detection and response, and closing gaps in visibility.
Last August, NIST published SP 800-207 to codify zero-trust architecture models. In February, the National Security Agency published “Embracing a Zero Trust Security Model,” which is a common-sense explanation of zero-trust principles, including a zero-trust maturity model to help implementers gauge their adoption efforts.
The joint Defense…
