CHAPTER 1 Overview of Zero Trust and Third-Party Risk

The intersection of zero trust (ZT) and third-party risk (TPR) can be a challenging one to cross. Neither is a set of technologies. Instead, each is a combination of people, processes, and technologies that together accomplish a strategy. Implementing them isn't as simple as buying and installing a bunch of new stuff and walking away; it requires finding the overlap between the two (ZT and TPR), making informed decisions to identify the changes required, and carrying those changes out.

Zero Trust

Zero trust can be intimidating for any organization to implement, given that it is not a technology but changes to how specific security controls are accomplished in the enterprise. The next pages briefly cover the history of ZT to enable you to better understand the principles and then see the overlap with TPR.

What Is Zero Trust?

Zero trust is a strategy—it is not a tool or technology. To better understand the strategy, it is necessary to understand who developed it, why, and how. ZT was borne out of John Kindervag's observation that the previous trust model (perimeter-based security) was the fundamental cause of most data breaches. Kindervag expanded on this concept in “No More Chewy Centers: Introducing the Zero Trust Model of Information Security” [1]. In 2016, John updated his research with “No More Chewy Centers: The Zero Trust Model for Information Security, Vision: The Security Architecture and Operations Playbook” [2]. The term chewy ...
