This guide describes the path to Zero Trust in detail, following the lead of the Office of Management and Budget (OMB)’s Moving the U.S. Government Towards Zero Trust Cybersecurity Principles memorandum. We all need to remember that Zero Trust, like any best practice cybersecurity, is not a destination but a continuous journey.
That journey starts now.
President Biden’s Executive Order gave agency heads 60 days to develop plans for implementing a Zero Trust architecture. The Office of Management and Budget's memorandum goes further, citing five key pillars to Zero Trust: identity, devices, networks, applications, and data.
Zero Trust is ultimately not about protecting people or assets, it’s about securing data. To that end, it makes most sense to segment at the application layer. RedSeal makes sure that as workloads come and go, they only travel into the segments they’re meant to, and nowhere else.
The conversation about Zero Trust is still too myopically focused on identity. Equally important is device inventory. If Zero Trust is about allowing only certain authorized individuals to do certain things on certain devices, you need to first know about those devices—all of them.