The idea that the Zero Trust model brings us is a change of approach and paradigm , which tells us that the attacker is not only someone who comes from an external network but , instead , can already be inside the internal network and still the organization does not know .

security breaches to reduce operational and financial risks and also reducing the vectors where an attack can happen .

In order to have an effective Zero Trust approach to cybersecurity , we must first take a look at the perspective of an effective security architecture which corresponds to the implementation of end-toend controls ; that means establishing – for each of the architectural layers of business – applications , data and infrastructure , both logical and physical

The Zero Trust model establishes that operational and economic efforts should not only be focused on the Edge of the network .

components that contribute to strengthening the cybersecurity in the organization .

The inflection point of the solution architectures whose function is to support the technological operations for a company , is created from the design stage where they are not conceived based on confidentiality , integrity and availability , principles that are applied in later stages generating increases in future implementation times and costs .

When we think of a Zero Trust approach , we think of expanding the applicability and implementation of security controls for each of the architectural layers , not only externally as is the current approach but also inside of the organization , establishing the closure of

The Zero Trust model establishes that operational and economic efforts should not only be focused on the Edge of the network , instead they should be extended to the internal network of the organization , to establish surveillance over the actions that are intended to be executed within and obtain the necessary visibility so that cybersecurity departments can use an end-to-end security governance .

The objective of the model is to establish the verification of users , devices and applications that request access from an internal and external network to the organization , in order to protect critical assets from possible lateral movements that an attacker can make and compromise the internal network from the outside .

Some of the ways to prevent this type of attack with a Zero Trust approach are :

• Implement the assignment of least privileges

• Identify which are the critical assets of the organization

• Gain visibility into application and infrastructure behavior through constant monitoring

• Establish detailed security controls that allow the identification of which users have access to specific resources and under what conditions they are accessing them

• Automate processes that ensure that there is no deviation in the applicability of controls , allowing faster measures to be taken when required

34 INTELLIGENTCIO LATAM www . intelligentcio . com

Intelligent CIO LATAM Issue 09 | Page 34

The idea that the Zero Trust model brings us is a change of approach and paradigm , which tells us that the attacker is not only someone who comes from an external network but , instead , can already be inside the internal network and still the organization does not know .