Daniel Carroll, field chief technology officer for cybersecurity at Dell Technologies (NYSE: DELL), said the company created a seven-pillar model designed to help information technology leaders at federal agencies explain the principles of zero trust and their significance to cybersecurity initiatives.
Carroll wrote that these seven pillars of a zero trust architecture are device trust; user trust; transport and session trust; application trust; data trust; visibility and analytics; and automation and orchestration.
“The first five are relatively self-explanatory, and the last two provide a basis for enforcing them,” he said.
“For example, if a device is acting in a way that’s unusual, then the visibility and analytics component will highlight the activity so the automation and orchestration component can cut off the device’s access and protect the infrastructure,” he added.
Carroll discussed the importance of data governance and the need for agencies to assess their existing cybersecurity tools, applications, services and practices that back zero trust principles.
“Ultimately, agencies must be able to identify everything within their networks — not just users, but also devices and applications,” he wrote.
“Zero trust involves validating that those objects are authorized to access agency resources and blocking any new objects that don’t come onto the network in the appropriate way,” he added.