Zero-trust security - is it real? The Cloud Security Alliance agrees, although marketing hype hasn't really helped so far. The majority of security vendors offer zero-trust solutions, but security specialists struggle to understand this approach and the added value it brings to their security environments.

In order to help IT and security departments make sense of this relatively new trend, the Cloud Security Alliance, an organization dedicated to defining and raising awareness of best practices for ensuring cloud security, has started a new program: the Zero Trust Advancement Center. The founding members are CrowdStrike, Okta, and Zscaler. Together, they will strive to advance standards, certifications, and best practices that will help security departments create zero-trust environments.

Zero-trust security entails trusting no one on the network, let alone anyone connecting from the outside. Zero trust relies on identity and behavior to verify users and machines in real time, and restricts data and access based on least privilege, as opposed to trusting employees, devices, and networks by default. Since cyber criminals increasingly use stolen credentials and identities to bypass security and gain access to corporate systems, this approach becomes increasingly important. As soon as cyber criminals are in, they can move around freely through the network.

One of its first action items of the new center will be to produce a white paper that defines a zero-trust architecture. This document should also address the biggest challenges faced by security professionals as their businesses shift to the cloud, users and devices proliferate, organizations' attack surfaces grow, and attackers become more active and sophisticated.

Photo credit: Matthew Henry