Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceAccess Management

Adopting zero trust for long term cybersecurity

By John Petrie
network cyber security
April 19, 2022

The zero trust cybersecurity model has become a popular topic of conversation in cybersecurity circles of late, with many cybersecurity experts urging organizations to adopt the concept. This should come as no surprise with the threat landscape getting seemingly more threatening by the day.

For the uninitiated, a zero trust architecture is a holistic and layered cybersecurity model that focuses on preventing data breaches by removing trust from an organization’s network and users. Instead of the old “trust, but verify” approach to monitoring potential problems, the underlying philosophy in a zero trust architecture is “never trust, always verify.”

The elements of zero trust

There is no one way to build a zero trust architecture, and the work is never really complete. There are always more improvements a company can make to build a zero trust cybersecurity program. No cybersecurity strategy is ever 100% foolproof, but the goal is to build a program that eliminates as much cyber risk as possible.

That said, there are several elements that make up a good zero trust architecture:

Data is gold

Organizations should keep in mind that the ultimate goal of a zero trust environment is protecting the data. All security controls and restrictions should be applied for the purpose of protecting the organization’s data.

Least privilege and minimal access

One of the foundations of a zero trust architecture is the concept of minimal access to data. Access to a company’s systems for users and for other systems is only deployed on an as-needed basis. Employees should have bare minimum access privileges — just enough to do their jobs — and be assigned additional access only when absolutely needed.

Identity as the new perimeter

User and device connections are no longer contained within corporate networks, as users can now work from anywhere. The network they use to connect to the corporate network should be assumed to be a hostile one. For employees to connect from outside the corporate network, strong identity verification is needed.

Trust actions, not systems

Companies should not give implicit or explicit trust to systems or networks. They should not grant trust to a connection based on the IP address, network location, device ID or user ID. Instead, they should assume all connections are hostile until proven otherwise.

Multi-factor or two-factor authentication is the standard

All user authentication requests should be subject to multi-factor or two-factor authentication as a minimum standard. Multi-factor authentication protects against several significant threats, such as password cracking and credential disclosure.

These are just a handful of several elements of a zero trust security architecture. Other concepts that fit with the environment include federated identity, automation and dynamic risk assessments.

If this sounds like a lot of work, it is. Each of the pillars of a zero trust architecture is accomplished over time — the one and done approach does not work here. Zero trust is not just about installing new technology. It’s about managing and shifting the organization’s technology, people and processes holistically. While implementing zero trust, the changes must have only a limited impact to the business, its people and its security. It does no one any good to move to a new cybersecurity approach if it leaves an organization vulnerable during the adoption phase.

For those companies attracted to the concept, the first step is to make a decision to move to a zero trust framework. It is not just an information technology decision or a security decision — it is a business decision. Making the change requires buy-in from management and employees.

Companies should define their security architectural principles to keep all stakeholders on the same page. They should identify the stakeholders at multiple levels of the business. 

Again, zero trust is not just something security leaders can add on to the current cybersecurity model. It’s a different way to approach business — with cybersecurity baked in. Zero trust is not a magical cure-all, but it will reduce organizational threat surface significantly, if done properly and with full commitment. And that, to me, makes it worth the effort.

KEYWORDS: cyber security initiatives enterprise cyber security infrastructure cyber security network monitoring zero trust

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

John Petrie is the Chief Information Security Officer at NTT Security.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Top Cybersecurity Leaders
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Columns
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    New Security Technology
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Coding

AI Emerges as the Top Concern for Security Leaders

Half open laptop

“Luigi Was Right”: A Look at the Website Sharing Data on More Than 1,000 Executives

Shopping mall

Victoria’s Secret Security Incident Shuts Down Website

Laptop with coding on ground

Stepping Into the Light: Why CISOs Are Replacing Black-Box Security With Open-Source XDR

Gift cards and credit cards

Why Are Cyberattacks Targeting Retail? Experts Share Their Thoughts

2025 Security Benchmark banner

Events

June 24, 2025

Inside a Modern GSOC: How Anthropic Benchmarks Risk Detection Tools for Speed and Accuracy

For today's security teams, making informed decisions in the first moments of a crisis is critical.

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

From animal habitats to bustling crowds of visitors, a zoo is a one-of-a-kind environment for deploying modern security technologies.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • City birds eye view

    Designing security for long-term success

    See More
  • Growing and Gaining

    Want to Avoid Being Scapegoated For the Next Breach? You Need Total Trust Alongside Zero Trust

    See More
  • cyber-frame

    If Michael Jordan is zero trust, then identity governance is Scottie Pippen — Why cybersecurity is a team sport

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing