Welcome to the First Column IT Tech Blog

HomeBlog
Ever Wonder Where the Idea for Zero Trust Security Came From?

Ever Wonder Where the Idea for Zero Trust Security Came From?

November 29, 2024

Zero-trust, an approach to cybersecurity gaining traction in the industry, is perhaps the most effective way to secure your business’ infrastructure. We want to take some time today to discuss how zero-trust came to be and how it compares to today’s cybersecurity threats.

The Father of Zero Trust: John Kindervag

Of all things, former broadcast engineer and computer animation specialist John Kindervag credits the video game Doom for his interest in networking.

How Smashing Demons Built the Most Secure Networking Strategy to Date

Back in the day, Kindervag convinced his supervisors that they should build an ethernet network to help transfer animated files, which were too large at the time to be shared any other way.

Of course, we know today that these ethernet networks were built to support the after-hours Doom parties hosted in the office. This wasn’t exactly an uncommon practice, either. You’d be surprised to learn just how many advancements in computers and networking were made for the express purpose of playing Doom.

While working with these networks, however, Kindervag discovered they were not secure.

In truth, little attention was paid to security. The sole measure in place was a firewall to protect from external threats. There was no stopping anyone who wanted to remove data from the network, and the trusted, internal network built for the business could allow data to be shared with an untrusted, external network (read: the Internet).

Claiming this idea was “insane,” he sought to build a system with zero inherent trust in all interfaces… and the rest is history.

Explaining the Concept of Zero-Trust

A zero-trust system requires five steps:

Step One: Defining the Protect Surface
As Kindervag puts it, “Zero Trust inverts the traditional problems of cybersecurity. Instead of focusing on what's attacking you, it focuses on what I call the Protect Surface. What do I need to protect?”

Take steps to identify the data you should protect; this will help you determine the scope of your data protection needs.

Step Two: Mapping Your Data
You need a holistic understanding of how your business and its systems interact with your IT infrastructure. This includes users, their purposes, and how the system allows for data storage and transfer.

Step Three: Designing an Architectural Framework
Build a framework that addresses the specific needs you outlined in the previous steps. While your framework might look like someone else’s, it should be customized to suit your business. The audits and mapping will help you along the way.

Step Four: Creating Your Zero-Trust Policies
Now, it’s time to set restrictions on who can access what data, how they can access it, when they can access it, where they can access it from, and for what purpose. These parameters should be set for every user, role, device, and network.

Step Five: Monitoring and Enforcing Compliance
Finally, it’s time to monitor your network and address any oversights or loopholes before they impact your security infrastructure.

Here Is Some Advice from Kindervag

A key takeaway from Kindervag: security issues like ransomware and other threats don’t care if you’re a small business or a major enterprise.

You can expect that everyone in today’s connected, online world will be at threat and subject to various repercussions—many of which are difficult to predict. For example, there’s even a niche ransomware that specifically targets a Swiss Alps dairy farmer and his milking machines. Even if the farmer could milk his cows manually, he would still have to deal without access to telemetric health data, which could help him avoid his cows dying.

These losses are preventable, and if businesses implement appropriate security measures (like zero trust), they can take a proactive stance and minimize the damage done by threats.

Let Us Help

Don’t let a fear of cybersecurity threats hold you back. Instead, use it to fuel your desire to improve your organizational security. Learn more by calling us today at (571) 470-5594.

Previous Post
January 30, 2025
How to Effectively Manage Your IT Budget
Your business runs on a budget, and how you spend that money affects whether you make a profit by the end of the year. One of the most important areas to focus on is your IT (information technology). IT is the backbone of any modern business, so including it in your budget is crucial. Let’s discuss why prioritizing IT in your budget can make your business more successful.
January 25, 2025
Businesses Are Using IoT In Several Intriguing Ways
The Internet of Things (IoT) is one of the most intriguing technologies businesses can use. When brought into the fold, it has changed how offices function, bringing a range of benefits that enhance efficiency, productivity, and security. IoT devices and systems can streamline processes and create a more comfortable, productive, and sustainable work environment. This month, we discuss how small businesses can use IoT to improve their operations.
January 21, 2025
Do These Four Things to Secure Your Smartphone
Keeping your smartphone safe for work is important. Your phone likely holds a lot of personal stuff, and if you use it for work, it has access to work emails, files, and other sensitive information. This makes it a tempting target for hackers. Here’s how you can protect it.

Have a project in mind?

Start with our free consultation for VA, DC and MD companies. We will provide a detailed proposal and firm quote based on your specific IT support needs. All at a predictable monthly cost per seat.
Free Consultation - Sign Up Here