Zero Trust is not a technology, and it is not a product. There are no silver bullets in achieving a Zero Trust security posture. It is a strategic, architectural approach to security enabled by technology. Simply put, it provides CISOs and other security leaders with a more rigorous security posture for today’s world of escalating risk.
Introduced by Forrester in 2010, the concept of Zero Trust security is not new. Zero Trust security proposes a fundamentally different model than what Forrester calls the “moat and castle” strategy that ignores threats and compromised assets inside the castle. It assumes that every user, device, system, or connection is already compromised (by default) whether they are inside or outside of the network.
Forrester Zero Trust eXtended (ZTX) Framework
To help you apply Zero Trust principles to your enterprise, Forrester developed the Zero Trust eXtended (ZTX) framework. This framework lists seven components where Zero Trust should fit in the enterprise.
- Data
- Workloads
- Network
- People
- Devices
- Automation & Orchestration
- Visibility & Analytics
- Manageability & Usability
- APIs