The Cybersecurity landscape is a daunting one today. It is nothing like it was 10 years ago. Now, it has become very complex, covert, dynamic and stealthy. It has literally become a cat and mouse game, in which the Cyberattacker is still one step ahead. This is despite all of the technology that is available to us a society, which includes Artificial Intelligence (AI) and Machine Learning.
Part of the other problem is that human beings are resistant to change. For example, the password is still the favored way of authenticating and authorizing an individual, but it too has shown its grave limitations. Even despite the use of Password Managers, which can create long and complex passwords, people still resort to their old fashioned ways of doing things.
So what is needed now is an extreme change, in which, unfortunately, people have no choice in whether or not to participate in. It is called the Zero Trust Framework, and in this methodology, absolutely nobody can be trusted in either the internal or the external environments. The mantra here is to keep verifying everybody, all the time.
The Zero Trust Framework also involves the concept of segmentation, in which the IT and Network Infrastructure of a business is broken down into smaller components, much like a Subnet. Each component will have its own layer of security, and every individual must be authenticated via the use of Multifactor Authentication (MFA).
In this book, we review both the concepts and mechanics behind the Zero Trust Framework. We also introduce advanced technologies into it as well, including the use of Biometrics, the Public Key Infrastructure, and Quantum Mechanics/Quantum Cryptography.