fbpx
Mytek Logo
MyTek Logo

Tip of the Week: Examining NIST’s Definition of Zero Trust

by | Oct 20, 2021 | MyTek Blog, Tip of the Week

Q

Subscribe To The Blog

By subscribing to the blog, you will be notified when a new blog post is created on the site.

How many people do you trust? This is a pretty difficult question, but luckily, in a zero trust network, that question is answered for you. The idea of this network is that everyone, no matter who they are, needs to be verified. You might imagine that this has been effective in preventing breaches.

But what is a zero-trust network? Let’s take a few minutes to break down the National Institute of Standards and Technology’s definition of zero trust, based on the seven “tenets” that must be followed. There can be found in their Special Publication 800-207.

How Does NIST Define Zero Trust?

This is the definition of Zero Trust, found in the publication:

“Zero trust (ZT) provides a collection of concepts and ideas designed to minimize

uncertainty in enforcing accurate, least privilege per-request access decisions in

information systems and services in the face of a network viewed as compromised. Zero

trust architecture (ZTA) is an enterprise’s cybersecurity plan that utilizes zero trust

concepts and encompasses component relationships, workflow planning, and access

policies. Therefore, a zero trust enterprise is the network infrastructure (physical and

virtual) and operational policies that are in place for an enterprise as a product of a zero

trust architecture plan.”

Zero trust makes it harder for threats to get in and also simplifies the task of identifying how threats got in.

NIST’s Seven Tenets, Reviewed

Here is the list of the seven tenets, so let’s see what each of them requires.

“All data sources and computing services are considered resources.”

This means that anything that is connected to the network has to abide by all access controls and security requirements that have been established on the network.

“All communication is secured regardless of network location.”

Whether a device is on the network or not, all communication should maintain the highest levels of security, just as it would if external networks were involved.

“Access to individual enterprise resources is granted on a per-session basis.”

One of your users may need access to one of your assets for a limited time or even for a single session. Requiring authentication every time resources are accessed will help limit any chance of unauthorized usage.

“Access to resources is determined by dynamic policy—including the observable state of client identity, application/service, and the requesting asset—and may include other behavioral and environmental attributes.”

Business technology is super complicated, which is the hard fact of the matter. Especially now that remote work is an option for your employees, it gets even more complicated. A lot of data is being handed out because of this, and taking into account the permission can make it more secure.

“The enterprise monitors and measures the integrity and security posture of all owned and associated assets.”

Zero trust, even though it may sound a little cliche, means that you can’t trust anyone or anything. All assets should be monitored carefully so that threats can’t intrude and patches are taken care of in a timely manner.

“All resource authentication and authorization are dynamic and strictly enforced before access is allowed.”

Zero trust approached makes sure that access permissions are confirmed continuously, and takes a lot of different inputs into consideration to determine whether to grant access.

“The enterprise collects as much information as possible about the current state of assets, network infrastructure and communications and uses it to improve its security posture.”

Keeping track of everything in the network environment is important for security to be kept. This includes three core components: the policy administrator, the policy enforcement point, and the policy engine. 

Security is so important and MyTek can help by monitoring your network for you. Give us a call today at 623-312-2444 to learn more about zero trust networks.

ABOUT THE AUTHOR

Tim - Team

Tim Tiller, LMSW

 
Tim Tiller, MSW brings a deep service background to his role at Mytek, having graduated from McDonald’s management training program, fresh out of high school, and working his way up through the ranks in the hospitality industry. He has led two prior companies – Multi-Systems Inc., an IT-focused organization providing technology to hospitality companies (where he was named President at age 36), and most recently, as Chief Operating Officer for Jewish Voice Ministries International.

Q

Subscribe To This Author

By subscribing to the author, you will be notified when a new blog post is created by the author.

AUTHOR’S RECENT POSTS

New Update Brings Windows 11 to Chrome

The Chrome browser from Google has recently gotten an update that is surprising users a little. Chrome can now change many menus to Microsoft Windows 11 style menus. You might be surprised to learn that Microsoft and Google are working together in some places....

Learning Telltale Signs of a Phishing Email Can Save Your Business

We know you’ve heard of phishing by now, and this threat is getting bigger and bigger as time passes. With this growth, phishing attacks are becoming harder than ever to identify. Sometimes, it can be really hard for businesses to tell the difference between phishing...

I Need My Computer Repaired, and I Need It Right Now

You’re working on a big project when all of the sudden your computer crashes. Uh oh. What do you do? Obviously, you should immediately reach out to support, but let’s look into how your acquisition of support might go, even if the issue at hand can’t be handled...

Mobile? Grab this Article!

QR Code

Blog Archive

Share This