Perimeter security – the idea that creates a trusted zone within the corporate network in which components of the IT infrastructure enjoy some freedom , has been the rule in many organizations .

However , as many companies have been forced to move to a ‘ work-from-anywhere ’ system over the past two years , the notion of ‘ perimeter ’ has faded as the number of mobile devices and cloud services used by employees has increased .

This specific growing trend of ‘ work-from-anywhere ’ made traditional perimeter-based defense obsolete and promoted Zero Trust , a concept in which nothing is trusted – either user , device or program – in order to protect corporate resources , both within the internal network and externally from unauthorized access . The Zero Trust concept covers several keys :

• Authentication and authorization in each access attempt . Every time a user , device or program requests access to any resource , they must authenticate themselves and confirm their access rights . Authentication involves many types of information , such as the user ’ s login and password , location and device type , active processes and more

• Least privilege policy . Each infrastructure object receives access to only those resources needed to do its tasks . Organizations constantly review the rights granted to users , devices and applications , revoking them as appropriate

• Micro-segmentation . The corporate IT infrastructure is divided into segments with different levels of access to prevent lateral movement . The fewer resources are in a given segment , the less damage an attacker can cause by gaining access to it

• Continuous monitoring and telemetry collection . The company continuously monitors the state of infrastructure objects , collecting all available data about them in order

Digital Transformation has guaranteed the on-going development and adaptation of this concept to ensure connectivity between corporate resources and users .

to locate and update vulnerable applications and devices in a timely manner or to detect an attack as soon as possible

Digital Transformation has guaranteed the on-going development and adaptation of this concept to ensure connectivity between corporate resources and users , regardless of their location , all under the premise ‘ never trust , always verify ’.

www . intelligentcio . com INTELLIGENTCIO LATAM 33

Intelligent CIO LATAM Issue 09 | Page 33

Perimeter security – the idea that creates a trusted zone within the corporate network in which components of the IT infrastructure enjoy some freedom , has been the rule in many organizations .