{"id":16391,"date":"2021-03-31T13:00:00","date_gmt":"2021-03-31T17:00:00","guid":{"rendered":"https:\/\/www.jumpcloud.com\/?p=16391"},"modified":"2023-05-02T17:06:03","modified_gmt":"2023-05-02T21:06:03","slug":"zero-trust-security-model","status":"publish","type":"post","link":"https:\/\/jumpcloud.com\/blog\/zero-trust-security-model","title":{"rendered":"What is a Zero Trust Security Model?"},"content":{"rendered":"\n

With so many breaches occurring worldwide and so many organizations and consumers being impacted, IT admins are shifting their attention to a Zero Trust<\/a> Security model. This concept has been around for a few years, but as digital assets become increasingly difficult to protect, the zero trust security approach is picking up serious traction.<\/p>\n\n\n\n

Layered Security is Protection of the Past  <\/h2>\n\n\n\n

Fundamentally, dramatic changes in the IT network are driving this new approach to security<\/a>. In the past, IT organizations worked with digital assets from the core of their network and then placed rings of security around those assets. <\/p>\n\n\n\n

This approach was often termed \u201cdefense in depth\u201d or \u201clayered security,\u201d and the basic premise was that an attacker would need to penetrate through multiple layers of security\u2014network, application, host, and data for example\u2014in order to gain access to the most critical digital assets. <\/p>\n\n\n\n

For authorized users, they would simply bypass all of the security because they would be inside of the perimeter and would log in to their machine which would grant them access to their IT resources.<\/p>\n\n\n\n

This defense-in-depth approach made sense when the network was on-prem and largely Windows-based. The first (innermost) ring of defense was usually focused on the identity; in short, a user needed to have access to the domain. From there, the next layer was ensuring that the system had anti-malware solutions or host-based intrusion detection systems. <\/p>\n\n\n\n

The third layer usually focused on applications and data. Users need to have rights to those and often the data would be encrypted. Finally, the outermost layer would be the network perimeter, containing firewalls, intrusion detection systems, VPNs, and more. These layers would need to be penetrated at each step in order to gain control over digital resources or assets.<\/p>\n\n\n\n

\n