Scribd Logo
Upload

Welcome to Scribd!

  • Trust Seecurity 071220

    Uploaded by

    saravanan purushothaman
    11 views1 page
    This document outlines a multi-layered Zero Trust security model with multiple trust gates across data, applications, operating systems, compute, and internal network layers to protect against cyber threats. Key elements include encryption, access controls, authentication, monitoring, and updating/patching across each layer.

    Original Description:

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document outlines a multi-layered Zero Trust security model with multiple trust gates across data, applications, operating systems, compute, and internal network layers to protect against cyber threats. Key elements include encryption, access controls, authentication, monitoring, and updating/patching across each layer.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    11 views1 page

    Trust Seecurity 071220

    Uploaded by

    saravanan purushothaman
    This document outlines a multi-layered Zero Trust security model with multiple trust gates across data, applications, operating systems, compute, and internal network layers to protect against cyber threats. Key elements include encryption, access controls, authentication, monitoring, and updating/patching across each layer.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 1

    Zero Trust security: Multi-layered protection against cyber-threats

    Data
    1. Encryption at rest
    123456 2. Backup your data (and test your backups)
    D ATA
    3. Trust Gate 2: Configure data access rights
    4. Set restrictive permissions (at field level)
    5. Database hardening – using best practices guidelines
    D ATA
    6. Trust Gate 1: Storage infrastructure access

    Application Development Application Deployment


    1. Configuration of application level logging 1. Include security testing in deployment pipeline
    AP 2. Trust Gate 3: Design to support and enforce multi-factor 2. Trust Gate 3: Practice principle of Least Privileges

    DE
    P L I C AT I O N

    YM ENT
    authentication 3. Care for and configure to protect privacy

    V E LO P M
    7 6 5 4 321 123456789 3. Input validations & error handling framework 4. Configure for a purpose - discard default configurations

    P LO
    4. Architecture and design level alignment with applicable security 5. Trust Gate 2: Encrypt identities and secrets

    DE
    EN T
    policies 6. Trust Gate 1: Enable SSO / multifactor authentication
    APP
    L I C AT I O N 5. Trust Gate 2: Code for identity and access management policies 7. Application level patch update schedule
    6. Trust Gate 1: Implement API Authentication 8. Monitor for security outliers
    7. Secure coding practices 9. Deploy Web Application Firewall

    Operating System
    1. Enable logging and auditing
    OP 2. Trust Gate 2: Restrict processes runing with privileged rights
    ER A EM 123 5 7 9 3. Automate OS patching
    T I N G S YS T 46 8
    4. Enable auditing for all critical OS resources – files / directories / processes
    OP 5. Trust Gate 1: Layered Privileges access - secure, logged, monitored,
    ERA EM
    TIN G SYST restricted to necessary and sufficient to perform defined tasks
    6. Deploy Anti-malware
    7. OS hardening using CIS (or equivalent) benchmarks
    8. Disable all unwanted services
    9. Custom installation of OS

    Compute
    1. Firmware update policies
    123456 2. Hypervisor, orchestration platform and Host OS patching management
    CO M P U T E 3. Trust Gate 2: RBAC – for underlying IaaS, PaaS
    4. Trust Gate 1: Use ACLs for limiting host access
    CO M P U T E 5. Host level IDS
    6. Capacity utilization monitoring

    Internal Network
    1. Trust Gate 4: Intra-network ACLs
    2. Securely configure of routing / switching and VLAN
    12345 7
    INT 6 3. Centralized logging
    ERNAL NET WORK
    4. Trust Gate 3: Design for role-based network segmentation
    IN
    TER RK 5. Security fixes for networking OS
    NAL NET WO
    6. Trust Gate 2: Deny by default - Network Security Groups and ACLs
    7. Trust Gate 1: Configure network ACLs and monitor for unauthorized access

    Perimeter Infrastructure
    1. Trust Gate 2: VPN for inbound access
    12345 2. DDoS protection
    6
    PE 3. Network IDS
    RIM RE
    E T E R IN F R AS T R U C T U
    E
    PE

    4. Trust Gate 1: Network level firewall


    UR

    IM
    CT
    R

    ETE
    R INFRASTRU 5. Secure DNS configuration
    6. Monitor for intrusion, DDoS and DNS attacks

    Physical Euipment
    1. Trust Gate 2: Locked and restricted access to server cages and racks
    123
    45 2. Surveillance via security cameras and biometrics readers
    3. Trust Gate 1: Biometric access with visual verification
    PH T 4. 24 x 7 Guarded physical access
    YSI N
    PHYS
    I C A L E Q U I PM E NT C AL EQ UIP ME 5. Monitor for unauthorized access

    Client / Mobile Device Protection


    1. Encryption of data stored in mobile
    1 23456 2. Trust Gate 3: Enable App level passwords for Enterprise Mobile Apps
    3. Client level anti-malware
    CLI CL E 4. Auto-patch apps and client OS
    ENT N IE N IC
    / MOB OTECTIO T/M OBILE DE V 5. Trust Gate 2: Deploy supervised mobile devices
    ILE DEVICE PR
    6. Trust Gate 1: Restrict device access via password / fingerprint / face recognition

    D ATA
    AP
    P LIC A TI O N 3 Pillars of Security Zero Trust Security is the NextGen Security model to protect against the
    OP EM
    E R A TIN
    G SYST
    1. Availability
    growing sophistication of cyber threats. In this era of speed, 24 x 7 work
    CO M PUTE
    Y

    'on-the-go,' and an equally sudden and jolting halt to global mobility


    AVA

    RIT

    INTERN
    AL NETWO
    RK 2. Confidentiality
    AB amid the global COVID-19 pandemic, IT security models must be able
    EG
    L I

    IL I PERIMETER T 3. Integrity
    TY IN
    PHYSICAL
    EQUIPMEN
    T to quickly adapt to the demands of extreme situations with minimal
    CLIE N
    NT/MO CTIO
    BILE DEVICE PROTE disruption to 'business-as-usual.'

    CON TY
    FID ENTIALI

    https://www.cipherspace.com/infographics-zero-trust-security.html

    You might also like