theNet by CLOUDFLARE

Security Transformation

Episode 1: The Roadmap to Zero Trust

Key excerpts:

Barry Fisher: [00:00:52]

Zero Trust security requires that every request moving into, out of, or within a corporate network is inspected, authenticated, encrypted, and logged. It's based on the idea that no request should be implicitly trusted, no matter where it comes from or where it's going. Access is only authorized after verifying the identity and context of each request...


STEP 1: Eliminate implicit trust

Barry Fisher: [00:04:54]

The most classic starting step is eliminating implicit trust by verifying user identity with strong authentication for inbound requests before authorizing access...One platform that will allow you to enforce policies that span all the different types of applications your users are going to use...

Barry Fisher: [00:06:01]

First, enforce multi-factor authentication for the critical applications. This prevents a hypothetical attacker from getting to your most sensitive data... Organizations that already have an identity provider in place can set up MFA directly within that provider, you can do this either via one-time codes or a push notification app.

Barry Fisher: [00:07:14]

...The more phishing resistant the MFA method is, the better. We recommend companies start with the basic MFA and then incrementally improve. And for the application reverse proxy service, if the application is already exposed to the Internet, you'll just need to have the authority to change the application's DNS and records. For private applications, you're going to be ready to move on to step two.


STEP 2: Extend Zero Trust

Barry Fisher: [00:08:37]

Rather than punching a hole through your perimeter firewall, we establish a very narrowly scoped private network over the Internet between this private application and the users that require access to it... Granular, least privileged policy enforcement is performed via the reverse proxy that sits between the users and the applications beyond verifying identity with MFA.


STEP 3: Consider exposure of applications

Barry Fisher: [00:13:10]

Start involving the network engineering team to reduce your cyber risk...Whether they should continue to be inbound network ports is a common attack vector, and during the pandemic, many organizations rushed to find ways to keep employees productive. And sometimes they expose rather privileged systems access over things known as RDP and SSH protocols.

Watch the full episode

This article is part of a series on the latest trends and topics impacting today’s technology decision-makers.


Key takeaways

3 concrete steps companies can take to make meaningful progress towards Zero Trust architecture

  • STEP 1: Eliminate implicit trust [00:04:54]

  • STEP 2: Extend Zero Trust to private applications [00:08:37]

  • STEP 3: Consider applications exposed to the Internet [00:13:10]




Receive a monthly recap of the most popular Internet insights!