In a recent Tripwire survey, over 300 respondents from both private and public sectors said that implementing Zero Trust Architecture (ZTA) could materially improve cybersecurity outcomes. This result seems like a positive outcome since we don’t often get such a unanimously high confidence level in a specific security approach from survey data. No doubt, ZTA has the potential to fundamentally change the cybersecurity landscape, and a unified security perspective is something from which we could all benefit given the challenges at hand.

Nearly six months ago, the federal government put its stamp of approval on the Zero Trust security approach in Biden’s first Cybersecurity Executive Order. As architectures evolve and deadlines for agency implementation get closer, we felt it was important to offer reference models that could help agencies determine the best approach. We have done so in our latest guide, A Tripwire Zero Trust Reference Architecture. In the guide, we provide three evolutionary examples of a ZTA, including a reference architecture for Tripwire controls utilized within Zero Trust.

As I mentioned during a recent podcast, one of the tricky things about the term Zero Trust Architecture is that the word “architecture” implies a very well-defined object. In practice, Zero Trust is really a set of principles that are implemented partially in different ways. What’s most important is that all of the organizations trying to achieve some kind of ZTA are marching in the same general direction based on a core set of principles.

Arguably, the most foundational principle of any ZTA, and what I hear most often discussed in customer conversations, is how trust must be continuously verified for every person, device, or entity in a Zero Trust system. What I don’t often hear people discuss is how you maintain the trustworthiness of the systems involved in (Read more...)