Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Cloud 101CircleEventsBlog
Register for CSA’s free Virtual Cloud Trust Summit to tackle enterprise challenges in cloud assurance.

How John Kindervag’s Zero-Trust Model Applies to Cloud Security

Home
Industry Insights
How John Kindervag’s Zero-Trust Model Applies to Cloud Security

Blog Article Published: 10/31/2022

Originally published by Britive.

At its core, the Zero-Trust Model is wonderfully simple: when you remove trust, you reduce security risk. The concept was developed by John Kindervag, who now serves as a Senior Vice President for ON2IT Cybersecurity. Kindervag realized enterprises could gain better security paradigms by removing inherent, default, and installed trust.

John Kindervag’s Zero-Trust Model

Kindervag’s zero- trust model is now used as a defense mechanism for organizations all over the world. In most cases, zero-trust moves the control pane closer to the defended asset and attempts to tightly direct access and privileges, which are the objective arbiters of trust within most systems.

In other words, zero-trust is often an inversion of older security models that rely on high-security walls and elevated standing permissive access. Zero-trust views, validates, and enables every access request and use case within the system on an as-needed basis.
The Protection of Kindervag’s Zero-Trust Philosophy

The central philosophy of John Kindervag’s zero-trust model is that everything is compromised until proven otherwise. At some point, for some reason, an asset or entity will serve as a vulnerable point of entry to be exploited by a hacker.

When a hacker gains access as a user on a compromised system, they are handed the keys to the castle. Worst case scenario – or best case, in the eyes of the hacker – is that they are able to acquire credentials, access, passwords, user accounts, and privileges.

Hacker efforts can be cut short if they end up tied to a user account with the limited privileges maintained by the zero-trust mentality. With a zero-trust model, the standing privileges that lead to hacker infiltration are eliminated completely. Zero-trust takes away the keys, so that the castle stays safe.

Applying Kindervag’s Zero-Trust Access in Cloud Systems

All data points to cloud computing as the future of technology and business. The cloud infrastructure approach has many benefits, but unfortunately it also comes with a lot of potential security pitfalls. As cloud data storage and repositories grow, more data becomes available for an attacker to target and compromise.

Vendors and third parties can pose their own set of security risks when they access corporate cloud systems. It’s as if you invited someone into your home and they left the front door open behind them on their way in. Adopting Kindervag’s zero-trust philosophy will limit third party privileges and significantly reduce security risks to your enterprise.

How to Apply John Kindervag’s Zero-Trust Model

Applying Kindervag’s zero-trust model is as easy as 1, 2, 3: think big, start small, and move fast.

Think Big

Think about the problem you face and the totality of what is required to solve it from the grand strategic level. If you’re solving access management and cloud security, keep those issues top of mind as you strategically enable zero trust.

Start Small

Be hyper-focused on what to do first. Don’t start an access management project with 500 users; start with 25. Or just five. Do the small stuff right and as close to perfect as possible, and then progress. Enterprises typically solve isolation and segmentation at a micro-level once they handle access management. Small and midsize businesses usually try to address device posture management and software-defined perimeter problems first because they directly affect users and are simpler to resolve.

Move Fast

Here is where the beauty of technology shines. Numerous vendors can provide the technology you need to operate at speed and scale in the cloud. Use their solutions to scale your efforts, optimize your budget, and operationalize resources as you scale. Remember: Do the small stuff right. Then you can scale fast and leverage vendor solutions to push your zero trust strategy forward at the pace your business demands.

Things to Remember During Your Zero-Trust Adoption

Data is the most transitory and ethereal asset that businesses create. Trying to lock such a dynamic asset before solving access management problems that define how data is accessed and by whom is akin to putting the cart in front of the horse.

Lastly, be sure to remember the adversary: the hackers. Hackers want you to be oblivious to what is occurring in your systems. They are chasing those keys to the castle. By controlling your access and privileges through the zero-trust model, you are making sure the castle stays secure.

Zero Trust

Share this content on your favorite social network today!

Latest from CSA
Join AT&T Cybersecurity in Chicago
The State of AI and Security Survey Report
CSA's STAR: The Key to Cloud Security & Compliance
Trending This Week
#1 The 5 SOC 2 Trust Services Criteria Explained
#2 What You Need to Know About the Daixin Team Ransomware Group
#3 Mitigating Security Risks in Retrieval Augmented Generation (RAG) LLM Applications
#4 Cybersecurity 101: 10 Types of Cyber Attacks to Know
#5 Detecting and Mitigating NTLM Relay Attacks Targeting Microsoft Domain Controllers
Secure your cloud data with Zero Trust Training
Related Articles:
How to Prepare Your Workforce to Secure Your Cloud Infrastructure with Zero Trust

Published: 04/24/2024

What’s in a Name? Defining Zero Trust for Leaders

Published: 04/22/2024

Implementing a Data-Centric Approach to Security

Published: 04/19/2024

7 Common Causes of Data Breach: Safeguarding Your Digital Assets

Published: 04/18/2024