Zero Trust is a security model and set of mechanisms that emphasizes identity verification, least privilege access, continuous monitoring, and segmentation to provide security controls for digital assets without relying solely on traditional network controls or perimeters.
Here are 7 principles that can help you putting in practice:
- Use static permissions & user behavior analysis to authenticate & authorize each action, not just at the start of a "session".
- Use consistent communications between components, regardless of whether it's another service or human interface.
- Leverage encryption over all communications channels.
- Eliminate unnecessary pathways between resources.
- Use gateways between components to implement rate limiting, leverage identity & access management, and get logging and metrics out-of-the-box.
- Enforce the right amount of security at each point of access. Instead of placing the largest lock you can find on the house and leaving the rooms inside open, put the right sized lock for each door depending on the value behind it.
- Identify all assets and users uniquely, provide the right permissions, and maintain vigilance with monitoring and maintenance.
Want to learn more and get some hands-on practice?
- Read about Zero Trust architectures on the AWS Security Blog.
- Check out the free AWS Zero Trust workshop.
If you found this helpful, please share this post 👍