Identity security and Zero Trust have emerged as critical components in the defense against quickly evolving cyberthreats. Together, the solution and the approach support a default stance of “never trust, always verify,” with every risky action requiring authentication, authorization and audit.

In this week’s episode of The Future of Security Operations podcast, I'm joined by Nicolas Chaillan. Nicolas is a security leader who has held several high-profile roles in US federal agencies including Chief Software Officer for the US Air Force and Space Force, Special Advisor for Cloud Security and DevSecOps at the Department of Defense (DOD), and Special Advisor for Cybersecurity and Chief Architect for Cyber.gov at the Department of Homeland Security.

It’s vital to have a common understanding and shared context for complex technical topics. The previously adopted perimeter model of security has become outdated and inadequate. Zero Trust (ZT) is the current security model being designed and deployed across the US federal government. It’s important to point out that ZT is not a security solution itself. Instead, it’s a security methodology and framework that assumes threats exist both inside and outside of an environment.

Zero Trust and the Principle of Least Privilege are security models designed to improve security posture by restricting unnecessary access to systems and data. Both models are a reliable way to limit access to resources and tighten your security measures.

The zero trust maturity model is a Cybersecurity and Infrastructure Security Agency (CISA) initiative to help achieve a modern approach of zero trust through the implementation of five pillars with cross-cutting capabilities. The five pillars of zero-trust security are identity, device, network, application and workload and data.

This is Part 5 in my ongoing project to cover 30 cybersecurity topics in 30 weekly blog posts. The full series can be found here. The goal of this article is to provide a quick getting started guide to Zero Trust. To understand Zero Trust, it helps to first know a couple of terms: ZTA and ZTMM.