Security Network Auditing: Can Zero-Trust Be Achieved?

Published: 23 Sep, 2020
Created by: Carl Garrett

Since 2010, government and business organizations have begun to adopt the Zero-Trust framework. Although the concept is a decade old, organizations are still in the infant stages of its implementation. Given that tablets and mobile phones have become integral business aids, all organizations will eventually integrate Zero-Trust into their environments. Many third-party vendors market Zero-Trust tools, though they provide only one or two of the pieces needed to achieve 'true' Zero-Trust. When designing a Zero-Trust security auditing framework, professionals must use a layered, defense-in-depth approach. They must also understand the principle of Least Common Mechanism, because complicated information technology systems are challenging to control. In traditional perimeter networks, users must authenticate to an entire organizational network, whereas perimeter-less Zero-Trust networks are segmented, so users log on to a Zero-Trust network by accessing a single segment at a time. This technology eliminates the need for virtual private networks (VPN), thus providing faster access. Additionally, most organizations state that they audit their systems. However, this project focuses on auditing Zero-Trust devices, applications, data, and network traffic, not continuous logging. When implementing the Zero-Trust framework, organizations will learn how to plan and audit for adequate security.