Yet the adoption of zero trust thinking has brought a new challenge: how do we get there?
This guide lays out a practical approach in five phases for implementing Zero Trust for the Workforce, which comprises an organization’s users and their devices, and how they access applications. The approach is iterative. Begin with a specific set of people, expand coverage for their applications and expand coverage for their devices. Once we are always verifying trust within this well-defined scope, apply a set of reasonable policies to enforce trust and protect the organization. Finally, integrate this scope with the broader organization’s IT and security functions and shift to continuous improvement. Following these steps, an organization can incrementally achieve a zero trust transformation.
White Paper by Cisco
The Zero Trust Approach
The zero trust principles share much in common with the fundamentals. Like default deny, zero trust begins with no access until trust is demonstrated and established. As with least privilege, zero trust relies on just enough trust and seeks to minimize excessive trust. Zero trust builds upon these fundamentals with the following concepts:
Visibility informs policy
Provide as much intelligence and insight as possible to the people administering the technology, in order to produce informed policies.
Trust is neither binary nor permanent
Continually reassess the posture of users, devices and applications and adjust your trust accordingly. Be prepared to respond to events that raise the risk level by containing newly discovered threats and vulnerabilities.
Ownership is not a control
Validate and extend trust to devices, applications and networks that you don’t own or manage, from BYOD (bring your own device) and IoT (Internet of Things) devices to SaaS and public cloud.
The perimeter is any place where you make an access control decision
Access decisions are based on re-establishing trust every time
About Duo Security
Duo Security, now part of Cisco, is the leading multi-factor authentication (MFA) and secure access provider. Duo comprises a key pillar of Cisco Secure’s Zero Trust offering, the most comprehensive approach to securing access across IT applications and environments, from any user, device, and location. Duo is a trusted partner to more than 25,000 customers globally, including Bird, Facebook, Lyft, University of Michigan, Yelp, Zillow and more. Founded in Ann Arbor, Michigan, Duo also has offices in Austin, Texas; San Francisco, California; and London.
This report was created by Cisco/Duo https://duo.com/