What is Zero Trust?
President Biden made “Zero Trust” a centerpiece of the cybersecurity Executive Order he signed earlier this year, transforming the idea from a trendy catchphrase to a federal mandate.
Zero Trust is a network security strategy based on the assumption that your network is already breached or will be soon.
Why you should know: Internal attacks are more common than external attacks, and almost always more damaging. Zero Trust will help the government adapt to this new threat landscape.
The data says: Last year there were more than 1,000 known data breaches in the U.S., affecting more than 150 million people.
- 80% of them involved compromised privileged credentials.
- 40% of cyber breaches start with authorized users accessing unauthorized systems.
If traditional cybersecurity sees networks like castles, accessible through a front gate, Zero Trust sees them like cities where valid users may travel straight to their specific destinations.
Just because someone enters your city, it doesn’t necessarily mean they can be trusted to move around freely, so Zero Trust rests on internal policing and continuous validation, verifying each request for access based on a comprehensive security policy.
“Zero Trust starts by assuming your network is already breached,” says Leidos expert Jeff Mims. “This allows for open, citylike architectures without walls, which can actually increase security if you’re smart about things like multi-factor authentication, device compliance, encryption and risk-based access control.”
- “In essence, a Zero Trust Architecture allows users full access but only to the bare minimum they need to perform their jobs,” the Executive Order reads. “If a device is compromised, zero trust can ensure that the damage is contained.”
As a leading cybersecurity provider for the federal government, Leidos can help your organization navigate the move to Zero Trust. Learn more about our approach to Zero Trust.