With the increased reliance on computers and other digital devices, from simple tasks to sophisticated actions such as controlling power stations and military equipment. Cyber security has become an important element of the world of technology. The zero-trust model of network security, also referred to as perimeter-less security, is a system of security that emphasizes the authentication of all devices before allowing access to the system. This model does not trust any device, even if it belongs to the organization or has been authorized before. The model has in the recent past become popular with intelligence agencies due to its effectiveness in keeping away malicious users (Buck et al., 2021). The term zero security was first used by Stephen Paul Marsh in 1994 while pursuing his doctorate. The model is purposed to protect information systems and reduce the risk of cyber-attacks by creating multiple layers of security and authentication. The technology was developed due to the realization that a trusted device connected to the internal network can be penetrated and used as the point of unauthorized access to vital data.
In the past, network security methods organized their strategies by blocking access from outside the network perimeter and trusting devices located within the network. This outdated network security method was also referred to as the perimeter or castle and moat method of network security. However, this method has a major flaw in that if an attacker gains access to one device within the network, they can easily gain access to other devices and sensitive information (Shore, Zeadally & Keshariya, 2021). This method has also become obsolete, with more individuals working from home, especially during the Covid 19 pandemic. This allows employees to work from anywhere globally, making the boundary for corporate networks almost impossible to define.
The model can be implemented using both role-based access control and attribute-based access control. When using the role-based access control method, users are provided with different levels of access and capabilities depending on their role in the institution. A manager, for instance, might be given more access and control over the system compared to the secretary. On the other hand, the attribute-based access control method provides users with different access and control depending on their attributes. Some of the attributes that might be used include the user’s title, the amount of time spent at the company, and the kind of device they are using. This method is more complicated and provides more layers of security compared to the latter method.
In addition, the zero-trust model of network security can be implemented in conjunction with the just-in-time access technique. The technique allows a user to gain access to the organization’s network after verification for a limited time, after which, if the user intends to keep using the system has to log into the system again (Rose et al. 2020). It is recommended that each organization gain a deep understanding of all the methods that can be used in conjunction with zero-trust models before implementing the method. Different security methods are ideal for different organizations depending on their requirements.
In the contemporary world, more than half of all employees use their personal devices while at work, which poses a risk to the organization’s security. Personal devices can be attacked and infected with viruses more easily than devices belonging to organizations can. Personal devices are also more likely to be used on social media platforms and other websites that act as breeding grounds for computer viruses and hackers.
Buck, C., Olenberger, C., Schweizer, A., Völter, F., & Eymann, T. (2021). Never trust, always verify: A multivocal literature review on current knowledge and research gaps of zero-trust. Computers & Security, 110, 102436.