NSA, Microsoft promote a Zero Trust approach to cybersecurity


The National Security Agency (NSA) and Microsoft are advocating for the Zero Trust security model as a more efficient way for enterprises to defend against today’s increasingly sophisticated threats.

The concept has been around for a while and centers on the assumption that an intruder may already be on the network, so local devices and connections should never be trusted implicitly and verification is always necessary.

Cybersecurity companies have pushed the zero-trust network model for years, as a transition from the traditional security design that considered only external threats.

The model was created in 2010 by John Kindervag, then a principal analyst at Forrester Research, who also coined the term “zero trust,” although discussions about the idea had started in the early 2000s. Google implemented zero-trust security concepts following Operation Aurora in 2009 for an internal project that became BeyondCorp.

Zero Trust defense for critical networks

The recent SolarWinds supply-chain attack, also attributed to a nation-state actor, renewed the discussion on the benefits of the zero trust security architecture for sensitive networks.

Microsoft President Brad Smith advocated for the zero-trust model in his U.S. Senate testimony regarding the SolarWinds cyberattack, saying that this concept is the best approach for an organization or agency to ensure the security of identity in their networks.

Talking about the security of U.S. government networks targeted by the attack, Smith said:

“Basic cyber hygiene and security best practices were not in place with the regularity and discipline we would expect of federal customers with the agencies’ security profiles. In most cases, multi-factor authentication, least privileged access, and the other requirements to establish a “zero trust” environment were not in place. Our experience and data strongly suggest that had these steps been in place, the attacker would have had only limited success in compromising valuable data even after gaining access to agency environments” – Brad Smith, Microsoft President

Now, both the NSA and Microsoft are recommending the zero-trust security model for critical networks (National Security Systems,…
