Nonprofits used to rely on perimeter defenses to wall off their networks from malign actors. But advancing technology has rendered such perimeter defenses obsolete. With much of their data now in the cloud and reachable through mobile access, nonprofits must build defenses around every user, since every user is vulnerable to attack.
Calvin Hennick filed this report for BizTech:
Zero trust is a new security strategy that sprang up in response to the idea that organizations can no longer rely on the network perimeter to assess trust. In a zero-trust model, notes identity management solution vendor Okta on its website, “people are the new perimeter.”
In a white paper on the topic, Forrester describes zero trust as “an architectural model for how security teams should redesign networks into secure micro-perimeters, increase data security through obfuscation techniques, limit the risks associated with excessive user privileges, and dramatically improve security detection and response through analytics and automation.”
To ensure all resources are accessed in a secure manner, Forrester advises organizations to treat all traffic and users the same — even if the person requesting access is the nonprofit’s executive director, sitting at his or her desk. Organizations taking a zero-trust approach should adopt a “least privilege” strategy, Forrester notes, providing employees the minimal level of access needed to do their jobs. They should also inspect and log all traffic for suspicious activity.
Forrester goes so far as to say traditional approaches to cybersecurity “can’t mitigate the consequences of a breach,” and calls zero trust “the only approach to security that works.”