What does Zero Trust mean?
Zero Trust? It sounds like wise dating advice, but itโs actually a way for companies to approach cybersecurity. With all those ransomware attacks going on, itโs getting a lot of attention.
The first thing to know is Zero Trust is a philosophy, or strategy, and not some piece of hardware you can roll onto the factory floor. It boils down to trusting no one and verifying everyone. To protect the network, tech folks assume it’s always under attack. They do their software magic to allow only specific tasks and block folks who canโt prove they are who they say they are. If there is a breach, something called โnetwork segmentationโ ensures it can be isolated so the whole factory doesnโt go down.
Think of it like an office vs. a bank. Once downtown office workers scan their ID to get into the building, they are free to roam. They can connect with colleagues down the hall, hit the break room, or dash into the supply closet to grab all the pens. Thatโs like a traditional network relying on one-time password access.
But itโs not like that at the bank. Even after you jump through all the required identification hoops, thereโs no way you can mosey around, popping into any old office or getting into the vault to count out your Benjamins. Thatโs Zero Trust.
In the factory, a tech team deploying a Zero Trust strategy can hook up sensors, IoT devices, new servers, old machinery – whatever – and specify that they do only the tasks they should be doing.
For instance, my work computer would still be connected to the 3D printer. But with Zero Trust, the printer would only be allowed to listen to or print from specific computers we pre-determine. That way, hackers canโt even communicate with the printer to try seizing it to make it do what they want. With Zero Trust, a hacker canโt even find the printer to try and attack it!
Most of us already have a Zero Trust mindset when it comes to our personal accounts. When I want to check my credit card balance or send a Snap to cheer up my niece when sheโs studying all night at her fancy university, I go to the app, type in my user name and password, and then DING! I get a text with a code that I have to enter before I can get at my account.
Now I know to watch for that same multi-factor authentication when Iโm at work, which means I won’t get access until I prove Iโm Deb with things like an encrypted code or a bio ID like a fingerprint.
As I said earlier, this Zero Trust is getting a lot of attention for a bunch of reasons – including those costly ransomware attacks, all of that remote worker access that needs to be secured, and even President Joe Bidenโs Executive Order on Improving the Nationโs Cybersecurity.
In May, the president gave federal agencies 60 days to develop plans to adopt Zero Trust. As those plans trickle down, expect to see a lot more people jumping onto the bandwagon. Thankfully as we navigate this so quickly thereโs some helpful information out there like a report ย I found from AT&T, which partners with my friends over at MxD.
The bottom line is this is all about keeping things secure. With so many cyber thugs out there, factories need to fill the moat, pull up the drawbridge, and shoot flaming arrows from the turrets. Zero Trust is one way to do that.
