The National Security Agency issued instructions for defense agencies and contractors on how to set up a zero-trust network architecture.
The push to zero trust where compromise is assumed and users are asked to verify their identity as they move around a network has grown stronger after the discovery of the massive SolarWinds hack last year. The penetration of sensitive network components by suspected Russian hackers in the breach was another dire example of cybercriminals gaining wide access to information once in a network.
Adopting the Zero Trust mindset and leveraging Zero Trust principles will enable systems administrators to control how users, processes, and devices engage with data. These principles can prevent the abuse of compromised user credentials, remote exploitation, or insider threats, and even mitigate effects of supply chain malicious activity.
The document includes the pitfalls and challenges associated with its implementation. A lack of commitment by leadership to enterprise wide adoption is primary among those challenges listed in the document.
With the pervasive need for Zero Trust concepts to be applied throughout the environment, scalability of the capabilities is essential doc states