Everyone seems to be talking about zero trust these days, but often it’s only talk. There are very few businesses out there that have successfully deployed a zero trust architected network.
It’s no help that the topic is confusing, complex, and abstract, and the journey to a zero trust world is a big undertaking where the security benefits are hard to weigh.
Zero trust is a philosophy
Zero trust is not a product or a solution. It’s not something you buy and install then sit back and relax. It’s not a feature you enable. It’s not a single tool or technology. It’s not made by a single vendor.
Zero trust is a philosophy for how to think about cybersecurity and a model for how to do cybersecurity.
The traditional model for security has been “trust, but verify.” Organizations would build a computer network, protect it with a single perimeter (typically a firewall), and trust everything that’s within the network.
But this model is flawed. Assuming everything inside is good and everything bad is outside has made life for hackers far too easy. Once they’ve bypassed the firewall, they are able to move around the network with little resistance.
The constant stream of news headlines where organizations have been brought to their knees by ransomware makes it very clear that a new way of architecting security is needed.
Zero trust guides us to never trust something blindly. Instead, we must verify anything and everything trying to connect to our systems before ever granting access. Trust nothing. Verify everything.
Educate, don’t sell
A lot of confusion has been caused by many vendors trying to position their existing technology as zero trust systems or solutions, glossing over important facts about zero trust. This leaves buyers with little to no idea about what zero trust actually is and how to progress along the journey.
The assets at the end of this article are intended to help you educate people on what zero trust is and how to start thinking about it, and to prepare your audiences to dive into more complex zero trust information.
Yes, there is also a side order of how Sophos fits into a zero trust world, but we are only several pieces of the jigsaw puzzle. A true zero trust network requires many technologies, some of which Sophos does not develop or sell.
Do not see this as a negative. We have many key components to offer any organization that is looking to build a zero trust network.
SyncSec and zero trust
We have our own philosophy for security, Synchronized Security, and it shares many of the same goals as zero trust. The two complement each other very well.
We believe cybersecurity should be an integrated, interconnected system where all technologies talk to each other and share their unique insights and perspectives on the security posture of the whole network. The firewall sees things the endpoint can’t see. The endpoint sees things the firewall can’t see.
When security technologies talk to each other, they become greater than the sum of their parts.
For organizations on their journey to zero trust, having technologies that have far more insight than their traditional, independent equivalents makes it safe to tear down traditional perimeters whilst remaining resilient to today’s (and tomorrow’s) threats.
Assets
- Global Campaign page – Home of all these assets plus any additional assets that may come in the future. Requires logging in to the Sophos Partner Portal.
- Demystifying Zero Trust Presentation – High level overview of what zero trust is and the technology stack required to move to a zero trust model. This can be used as a webcast deck. Requires logging in to the Sophos Partner Portal.
- Demystifying Zero Trust video – Recording of the above presentation with narration by product marketing manager Greg Iddon. It can be used as an on-demand webcast.
- Ask Sophos: What is Zero Trust? – Short video explaining zero trust in a nutshell.