Embracing Trust? NSA Shares Guidance on Zero Trust Security Model

According to the recently released cybersecurity guidance from the National Security Agency (NSA), as cybersecurity professionals defend increasingly dispersed and complex enterprise networks from sophisticated cyber threats, embracing a Zero Trust security model and the mindset necessary to deploy and operate a system engineered according to Zero Trust principles can better position them to secure sensitive data, systems, and services.

en flag
nl flag
et flag
fi flag
fr flag
de flag
pt flag
ru flag
es flag

Content Assessment: Embracing Trust? NSA Shares Guidance on Zero Trust Security Model

Information - 95%
Insight - 95%
Relevance - 90%
Objectivity - 95%
Authority - 100%

95%

Excellent

A short percentage-based assessment of the qualitative benefit of the post highlighting the recently published information paper from the NSA on the Zero Trust security model.

Editor’s Note: As highlighted in recently published guidance from the NSA, embracing a Zero Trust security model, and re-engineering an existing information system based on this security model, is a strategic effort that will take time to achieve full benefits. It is not a tactical mitigation response to new adversary tools, tactics, and techniques. However, several recent, highly publicized system breaches have exposed widespread vulnerabilities in systems, as well as deficiencies in system management and defensive network operations. These incidents show that purely tactical responses are often insufficient. The guidance asserts that a mature Zero Trust environment will afford cybersecurity defenders more opportunities to detect novel threat actors, and more response options that can be quickly deployed to address sophisticated threats. Given the increasingly sophisticated threats in today’s connected world, the NSA guidance may be beneficial for legal, business, and information technology professionals operating in the eDiscovery ecosystem as they consider cybersecurity threats and responses.

Press Announcement*

NSA Issues Guidance on Zero Trust Security Model

The National Security Agency published a cybersecurity product, “Embracing a Zero Trust Security Model,” on Thursday. This product shows how deploying Zero Trust security principles can better position cybersecurity professionals to secure enterprise networks and sensitive data. To provide NSA’s customers with a foundational understanding of Zero Trust, this product discusses its benefits along with potential challenges, and makes recommendations for implementing Zero Trust within their networks.

The Zero Trust model eliminates trust in any one element, node, or service by assuming that a breach is inevitable or has already occurred. The data-centric security model constantly limits access while also looking for anomalous or malicious activity.

Adopting the Zero Trust mindset and leveraging Zero Trust principles will enable systems administrators to control how users, processes, and devices engage with data. These principles can prevent the abuse of compromised user credentials, remote exploitation, or insider threats, and even mitigate effects of supply chain malicious activity.

NSA strongly recommends that a Zero Trust security model be considered for all critical networks within National Security Systems, the Department of Defense’s critical networks, and Defense Industrial Base critical networks and systems. NSA notes that Zero Trust principles should be implemented in most aspects of a network and its operations ecosystems to become fully effective. To address potential challenges of implementing Zero Trust solutions, NSA is developing and will release additional guidance in the coming months.

NSA seeks to regularly release unique, actionable, and timely cybersecurity guidance to strengthen the cybersecurity of the nation and its allies at scale. For more information or other cybersecurity products, visit NSA.gov/cybersecurity-guidance.

Read the original release from the NSA.


National Security Agency | Cybersecurity Information – Embracing a Zero Trust Security Model (PDF)

NSA – Embracing a Zero Trust Security Model – 022521

Read the original PDF posting from the NSA.


* Taken directly from and used with permission of the National Security Agency (NSA).

Additional Reading

Source: ComplexDiscovery

 

Have a Request?

If you have information or offering requests that you would like to ask us about, please let us know and we will make our response to you a priority.

ComplexDiscovery is an online publication that highlights cyber, data and legal discovery insight and intelligence ranging from original research to aggregated news for use by business, information technology, and legal professionals. The highly targeted publication seeks to increase the collective understanding of readers regarding cyber, data and legal discovery information and issues and to provide an objective resource for considering trends, technologies, and services related to electronically stored information.

ComplexDiscovery OÜ is a technology marketing firm providing strategic planning and tactical execution expertise in support of cyber, data and legal discovery organizations. Registered as a private limited company in the European Union country of Estonia, one of the most digitally advanced countries in the world, ComplexDiscovery OÜ operates virtually worldwide to deliver marketing consulting and services.

Joint Cybersecurity Advisory from the CISA, FBI, and NSA on BlackMatter Ransomware

This Joint Cybersecurity Advisory from the CISA, FBI, and NSA provides...

Keeping Secrets? Ransomware Trends in Bank Secrecy Act Data Between January 2021 and June 2021

According to a recently published report, the U.S. Treasury's Financial Crimes...

A Geographical Depiction: Ransomware Attacks in the United States Between 2018 and Today

Published by Comparitech, a pro-consumer website providing information, tools, reviews, and...

Recommendations for Mitigating the Risk of Software Vulnerabilities: NIST Secure Software Development Framework

This draft document from NIST on a proposed secure software development...

Consilio Completes Acquisition of Legal Consulting and eDiscovery Business Units of Special Counsel from Adecco

According to Andy Macdonald, CEO of Consilio, “Consilio’s acquisition of D4...

Cellebrite to Acquire Digital Clues

According to Cellebrite CEO Yossi Carmil, “We are pleased to announce...

iCONECT Acquires Ayfie Inspector Artificial Intelligence Codebase

According to Ian Campbell, CEO of iCONECT, “Direct access to the...

eDiscovery Mergers, Acquisitions, and Investments in Q3 2021

From Ipro and Disco to Nuix and Lighthouse, the following findings,...

A New Era in eDiscovery? Framing Market Growth Through the Lens of Six Eras

There are many excellent resources for considering chronological and historiographical approaches...

An eDiscovery Market Size Mashup: 2020-2025 Worldwide Software and Services Overview

While the Compound Annual Growth Rate (CAGR) for worldwide eDiscovery software...

Resetting the Baseline? eDiscovery Market Size Adjustments for 2020

An unanticipated pandemeconomic-driven retraction in eDiscovery spending during 2020 has resulted...

Home or Away? New eDiscovery Collection Market Sizing and Pricing Considerations

One of the key home (onsite) or away (remote) decisions that...

Five Great Reads on Cyber, Data, and Legal Discovery for September 2021

From countering ransomware to predictive coding and packaged services, the September...

Five Great Reads on Cyber, Data, and Legal Discovery for August 2021

From the interplay of digital forensics in eDiscovery to collecting online...

Five Great Reads on Cyber, Data, and Legal Discovery for July 2021

From considerations for cyber insurance and malware to eDiscovery business confidence...

Five Great Reads on eDiscovery for June 2021

From remediating cyberattacks to eDiscovery pricing, the June 2021 edition of...

Harvest Time? eDiscovery Operational Metrics in the Fall of 2021

In the fall of 2021, 67 eDiscovery Business Confidence Survey participants...

Unseasonably Hot? Fall 2021 eDiscovery Business Confidence Survey Results

Since January 2016, 2,595 individual responses to twenty-four quarterly eDiscovery Business...

More Keepers? Predictive Coding Technologies and Protocols Survey – Fall 2021 Results

From the most prevalent predictive coding platforms to the least commonly...

Glowing Expectations? Eighteen Observations on eDiscovery Business Confidence in the Summer of 2021

In the summer of 2021, 63.3% of survey respondents felt that...