Embracing Trust? NSA Shares Guidance on Zero Trust Security Model

According to the recently released cybersecurity guidance from the National Security Agency (NSA), as cybersecurity professionals defend increasingly dispersed and complex enterprise networks from sophisticated cyber threats, embracing a Zero Trust security model and the mindset necessary to deploy and operate a system engineered according to Zero Trust principles can better position them to secure sensitive data, systems, and services.

en flag
nl flag
et flag
fi flag
fr flag
de flag
pt flag
ru flag
es flag

Content Assessment: Embracing Trust? NSA Shares Guidance on Zero Trust Security Model

Information - 95%
Insight - 95%
Relevance - 90%
Objectivity - 95%
Authority - 100%

95%

Excellent

A short percentage-based assessment of the qualitative benefit of the post highlighting the recently published information paper from the NSA on the Zero Trust security model.

Editor’s Note: As highlighted in recently published guidance from the NSA, embracing a Zero Trust security model, and re-engineering an existing information system based on this security model, is a strategic effort that will take time to achieve full benefits. It is not a tactical mitigation response to new adversary tools, tactics, and techniques. However, several recent, highly publicized system breaches have exposed widespread vulnerabilities in systems, as well as deficiencies in system management and defensive network operations. These incidents show that purely tactical responses are often insufficient. The guidance asserts that a mature Zero Trust environment will afford cybersecurity defenders more opportunities to detect novel threat actors, and more response options that can be quickly deployed to address sophisticated threats. Given the increasingly sophisticated threats in today’s connected world, the NSA guidance may be beneficial for legal, business, and information technology professionals operating in the eDiscovery ecosystem as they consider cybersecurity threats and responses.

Press Announcement*

NSA Issues Guidance on Zero Trust Security Model

The National Security Agency published a cybersecurity product, “Embracing a Zero Trust Security Model,” on Thursday. This product shows how deploying Zero Trust security principles can better position cybersecurity professionals to secure enterprise networks and sensitive data. To provide NSA’s customers with a foundational understanding of Zero Trust, this product discusses its benefits along with potential challenges, and makes recommendations for implementing Zero Trust within their networks.

The Zero Trust model eliminates trust in any one element, node, or service by assuming that a breach is inevitable or has already occurred. The data-centric security model constantly limits access while also looking for anomalous or malicious activity.

Adopting the Zero Trust mindset and leveraging Zero Trust principles will enable systems administrators to control how users, processes, and devices engage with data. These principles can prevent the abuse of compromised user credentials, remote exploitation, or insider threats, and even mitigate effects of supply chain malicious activity.

NSA strongly recommends that a Zero Trust security model be considered for all critical networks within National Security Systems, the Department of Defense’s critical networks, and Defense Industrial Base critical networks and systems. NSA notes that Zero Trust principles should be implemented in most aspects of a network and its operations ecosystems to become fully effective. To address potential challenges of implementing Zero Trust solutions, NSA is developing and will release additional guidance in the coming months.

NSA seeks to regularly release unique, actionable, and timely cybersecurity guidance to strengthen the cybersecurity of the nation and its allies at scale. For more information or other cybersecurity products, visit NSA.gov/cybersecurity-guidance.

Read the original release from the NSA.


National Security Agency | Cybersecurity Information – Embracing a Zero Trust Security Model (PDF)

NSA – Embracing a Zero Trust Security Model – 022521

Read the original PDF posting from the NSA.


* Taken directly from and used with permission of the National Security Agency (NSA).

Additional Reading

Source: ComplexDiscovery

 

Research and Publishing Support for ComplexDiscovery

The publication, ComplexDiscovery, launched in early 2010, continues to expand in the breadth and depth of its industry coverage. As our industry readership and content leadership have grown, our research and publishing costs have also continued to grow. With our growth and the related costs of supporting our growth in mind, ComplexDiscovery kindly asks you to support our research and publication efforts by becoming a member of the ComplexDiscovery community.

We offer three levels of membership to those interested in supporting our efforts. All memberships are available on a monthly or annual basis through Steady, our European-founded platform for independent publishers. Feel free to chose your membership level today to support our continued independent publishing of content ranging from carefully selected and highly curated public domain content to independent research and reports. From quarterly business confidence surveys to annual market sizing reports, support our efforts today with your contribution.

Have a Request?

If you have information or offering requests that you would like to ask us about, please let us know and we will make our response to you a priority.

ComplexDiscovery is an online publication that highlights data and legal discovery insight and intelligence ranging from original research to aggregated news for use by business, information technology, and legal professionals. The highly targeted publication seeks to increase the collective understanding of readers regarding data and legal discovery information and issues and to provide an objective resource for considering trends, technologies, and services related to electronically stored information.

ComplexDiscovery OÜ is a technology marketing firm providing strategic planning and tactical execution expertise in support of data and legal discovery organizations. Registered as a private limited company in the European Union country of Estonia, one of the most digitally advanced countries in the world, ComplexDiscovery OÜ operates virtually worldwide to deliver marketing consulting and services.

SPAC Attack? Cellebrite Moves Toward Becoming a Public Company

According to Adam Clammer, Chief Executive Officer of TWC Tech Holdings,...

Cobra Legal Solutions Receives Investment from Blue Sage Capital

According to Eric Weiner, Partner at Blue Sage, “We are excited...

eDiscovery Mergers, Acquisitions, and Investments in Q1 2021

From Relativity and Reveal to Compliance (System One) and Veristar, the...

Cyber Risk and Reward? Kroll Acquires Redscan

According to Redscan CEO, Mike Fenton, “Merging Redscan’s innovative culture and...

A New Era in eDiscovery? Framing Market Growth Through the Lens of Six Eras

There are many excellent resources for considering chronological and historiographical approaches...

An eDiscovery Market Size Mashup: 2020-2025 Worldwide Software and Services Overview

While the Compound Annual Growth Rate (CAGR) for worldwide eDiscovery software...

Resetting the Baseline? eDiscovery Market Size Adjustments for 2020

An unanticipated pandemeconomic-driven retraction in eDiscovery spending during 2020 has resulted...

Home or Away? New eDiscovery Collection Market Sizing and Pricing Considerations

One of the key home (onsite) or away (remote) decisions that...

Five Great Reads on eDiscovery for March 2021

From data breach economics and vulnerabilities to private-equity investments and vendor...

Five Great Reads on eDiscovery for February 2021

From litigation trends and legal tech investing to facial recognition and...

Five Great Reads on eDiscovery for January 2021

From eDiscovery business confidence and operational metrics to merger and acquisition...

Five Great Reads on eDiscovery for December 2020

May the peace and joy of the holiday season be with...

Cobra Legal Solutions Receives Investment from Blue Sage Capital

According to Eric Weiner, Partner at Blue Sage, “We are excited...

Corporation Z? Zapproved Releases of ZDiscovery Platform

According to the announcement, Monica Enand, Zapproved Founder and CEO, shared,...

Head in the Clouds? CloudNine Releases Review Updates

According to Tony Caputo, CEO of CloudNine, “CloudNine is 100% dedicated...

Threading the Needle? Epiq Launches Unified Digital Client Experience

According to the announcement, Epiq Access is available globally and provides...

A Warming Optimism? Spring 2021 eDiscovery Business Confidence Survey

The eDiscovery Business Confidence Survey is a nonscientific quarterly survey designed...

Cold Weather Catch? Predictive Coding Technologies and Protocols Survey – Spring 2021 Results

The Predictive Coding Technologies and Protocols Survey is a non-scientific semi-annual...

Out of the Woods? Eighteen Observations on eDiscovery Business Confidence in the Winter of 2021

In the winter of 2021, 85.0% of eDiscovery Business Confidence Survey...

Issues Impacting eDiscovery Business Performance: A Winter 2021 Overview

In the winter of 2021, 43.3% of respondents viewed budgetary constraints...