The Zero Trust Security Model (ZTSM) recognizes that the perpetrator has penetrated your single layer of defense. As those with military experience understand, the ZTSM is a defense in depth strategy. The process involves a 5-step approach which are Define, Map, Design, Create and Monitor. But what the ZTSM model does well is it creates a system that develops a diverse set of protection measures. And as programmers, we know that when the pattern is hard to locate and the holes always lead to dead ends, the network becomes harder and harder to probe without revealing ourselves and our tactics. This is not a model for the untrained, but for professionals. But you must train and train diligently. And you must be willing to surrender any old conventions that hold onto yesterday’s notions. If we would start to build a ZTSM, we should adopt the NIST CSF, build policies, procedures, training, execution, verification, and management oversight. We would not rely on magic systems or magic software SPOFs. We should layer our defenses using overlapping strategies and never exposing the critical core. When we see businesses using non-compliant methods and vendors throughout the US, they really do not have a chance.
TechR2’s Tear-A-Byte (TAB) and Tear-A-Vault (TAV) systems meet the Zero Trust Security Model criteria. IBM knows it. You should, too. TechR2 is a ISO and NIST CSF certified company.