01 May 2021

Zero Trust Architecture (ZTA)

Recently I came across an interesting architecture pattern called as  Zero Trust Architecture (ZTA).

In traditional ‘perimeter’ based  approach, security models of identity, authentication, and authorization have challenges meeting needs of a IT landscape. There is a need to shift security model to asset-centric or data centric. IT landscape can be expanded using asset & data centric policies and not defining any network boundaries. In the classical approach, we restrict everything to a secure network behind a network firewall/boundary or perimeter whatever you would like to call it. In the zero trust approach, we protect digital assets located/deployed anywhere using a central policy.

Zero Trust - It is an information security approach that focuses on data/information security, including life cycle on any platform or network

Zero Trust Architecture - The implementation of Zero trust security strategy that follows well-defined and assured standards, technical patterns and guidance for organizations

Advantages of ZTA - 

  • Enables mobility allowing users to work anywhere using any device
  • Improved business confidence, with new security mechanisms to protect data and applications
  • Reduced scope of threats to support agility and support complexity

More details on this topic are available on the Open Group website. A whitepaper explaining the concept is available for free download at following URL - https://publications.opengroup.org/w210


No comments: