Increasingly, the cybersecurity landscape is shifting from perimeter-based security to a focus on identity and access management, data security, and a relatively new model known as zero-trust security.
Zero-trust focuses on how users gain access to networks and systems, and how they are treated once they are inside an agency’s IT perimeter. Cisco’s Duo Security describes its core principle, saying that organizations “should not trust anything inside or outside of their network perimeters and should instead verify anything and everything that tries to connect to applications and systems before granting them access.”
Another key element of zero-trust security, described by Palo Alto Networks is to “adopt a least-privileged access strategy and strictly enforce access control,” which “can significantly reduce the pathways for attackers and malware.”
