Contact Us
Infraon Infinity

Drop us a message

History of Zero Trust Security
  1. Zero Trust Security

History of Zero Trust Security

Written by Posted on Less than 0 min read
parallax-shape-01 parallax-shape-02 parallax-shape-03 parallax-shape-04 parallax-shape-05 parallax-shape-06 parallax-shape-07 parallax-shape-08 parallax-shape-09
Post Views: 3,772

Before Zero Trust security existed, companies had to take utmost care to ensure that only trusted users were allowed to access the corporate network. Although the term “Zero Trust” was popularized by John Kindervag, it was originally coined by Stephen Paul Marsh in 1994. Kindervag was an analyst with Forrester at that time when he had recognized the potential of this technology, and the world started to take notice. 

However, it was Marsh who had first introduced the “Zero Trust” concept. His take on trust in the realm of IT system administration was that it could be mathematically modeled and constructed. According to him, it was more than a mere human phenomenon or confrontation. “Trust” (as per Marsh) was much more than human ethos, laws, judgment, and justice. 

The Zero Trust Security model evolution 

The modern history of Zero Trust took roots in 2003 when the Jericho Forum highlighted the problems associated with demarcating organizational boundaries for IT systems. The Jericho Forum actively researched and promoted a concept called ‘de-parameterization.’ 

Google was one of the first companies to take the cue from the potentialities of the Zero Trust architecture. The initiative was called BeyondCorp, and in 2009, Google implemented a de-parameterized framework based on the Zero Trust Architecture. 

Kindervag, at this time, was actively engaging with IT communities, popularizing the Zero Trust approach. But things did not happen overnight. It took more than ten years for most organizations to slowly start implementing zero trust architectures. More of this was driven due to the proliferation of cloud and mobile technologies. 

The birth of a new critical technology 

While the history of Zero Trust provided a contextual foundation for the technology itself, the actual shaping took place only later. The crystallization of this technology was in 2014 when a Swiss security IT engineer designed a Zero Trust Network. The network was based on firewall-based circuits to protect any client from malware. The Swiss Federal Institute of Intellectual Property received the manuscript of this architectural style, which was called the Untrust-Untrust type of network. The manuscript was subsequently published in 2015.

The evolution of Zero Trust security started to prompt national security agencies such as the National Cyber Security Centre and the UK National Technical Authority to start recommending this architecture by 2019. By the close of 2020, major platform solution vendors, cloud service providers, and cyber security providers made zero trust part of their architectures. Because of the increased usage of Zero Trust and varying architectures in place, the NIST and NCSC were tasked with standardizing the implementation of this technology. 

Zero Trust Security

What are the key standardization points proposed by NCSC and NIST?

As part of the evolution of Zero Trust security, the work of NCSC and NIST on the Zero Trust Model led to the creation of a publication titled – Zero Trust Architecture. In this publication, Zero Trust is defined as a collection of principles that can be applied to network security. The key principles that were part of the standardization effort were identified on the following lines:

  • User and machine authentication
  • User identity – a single and strong source
  • Additional context – device metrics, compliance, etc.
  • Application authorization policies
  • Application access control policies
Member since
Founder - Infraon & EverestIMS 🚀 | Product Manager | OKR Coach || Helping Enterprises to accelerate IT Operations and Customer Success
Do you like Arun Prasath R's articles?
Follow on social!

Related articles

future proofed yet its time to proactively mitigate it risks with zero trust
  1. Zero Trust Security

Future-proofed yet? It’s time to mitigate dangerous IT risks with Zero Trust

Post Views: 918 Zero Trust combines identity verification and policy-based permission for every identity attempting to use the network or IT resources. The person or entity may be inside the enterprise’s network or access the network remotely. Zero Trust is a framework using different technologies and best practices to know who is trying to access […]
Written by
Zero Trust Network Access use cases
  1. Zero Trust Security

Find out if Zero Trust network architecture the right fit for your use case

Post Views: 1,085 In the past, the security of networks was constantly compromised since the concept of implicit trust was largely defined by how network resources were accessed by users within the LAN. Sometimes, even users outside the LAN were implicitly trusted if recognized by the system. However, with the increase of malware, phishing, spam, […]
Written by
What are the 5 principles of Zero Trust security
  1. Zero Trust Security

The 5 most influential principles of Zero Trust security

Post Views: 1,463 Zero Trust is a set of techniques to secure end-to-end IT network infrastructure. Given the complexity of today’s networks, Zero Trust security principles continue to evolve and adapt to current demands. As indicated by the history of Zero Trust, an evolving IT security landscape was what eventually led to this concept. And right from the start, […]
Written by
How does a Zero Trust network work
  1. Zero Trust Security

How Zero Trust Networks works Great

Post Views: 903 Zero Trust Network is an approach to IT security that requires users within (and outside) the corporate network to be continuously verified, authorized, and authenticated. The philosophy behind how Zero Trust works is to “never trust and always keep verifying.” Regardless of their safe network usage habits, all users are continuously monitored. The Zero […]
Written by
Zero Trust solutions Infraon 1
  1. Zero Trust Security

How Zero Trust helps banks overcome the biggest challenges of digital transformation

Post Views: 1,031 Zero Trust is a holistic approach to cybersecurity that emphasizes verification rather than trusting users. The financial sector has always been rife with security threats and a common target for cybercriminals. Enterprises handling financial data are subject to more security protocols and scrutiny from several angles, including governments, regulatory bodies, and customers. […]
Written by
7734 min
  1. Infraon SecuRA
  2. Risk Management
  3. Zero Trust Security

Stress-free IT management: An IT manager’s playbook for mitigating risks

Post Views: 1,007 As IT infrastructures become more complex, the responsibilities of IT managers expand exponentially. Their role is akin to a tightrope walker, balancing the need for innovation with the imperative of security. From spotting system vulnerabilities to preparing for unexpected setbacks, the IT manager’s world is one of vigilance and foresight. Zero-trust is […]
Written by
how zero trust help boost network
  1. Zero Trust Security
  2. Remote Asset Monitoring

How Zero Trust helps boost new-age remote and hybrid working models

Post Views: 869 How Zero Trust helps in today’s remote and hybrid working models What started out with hiring the workforce from different parts of the world to cut overhead costs and develop remote and hybrid working teams has become increasingly common, thanks to the COVID-19 pandemic. Working from different locations has become the norm […]
Written by
Next

Table of Contents

0