Have you ever heard the term ‘Zero Trust’?
What would you think if you heard that IT Services will implement ‘Zero Trust’ at UA Little Rock? Does it mean that you cannot be trusted? Or, you cannot trust services provided by IT Services?
In fact, none of the above is true. ‘Zero Trust’ is defined as a collection of concepts and ideas designed to minimize uncertainty in enforcing accurate, ‘least privilege’ access decisions in information systems.
The definition is a bit complicated, isn’t it? Basically, ‘Zero Trust’ can be defined as the effort to protect data by adapting cyber systems to our changing world.
The traditional approach to cyber security can be explained by using the medieval castle vs. modern city analogy:
- Build a castle
- Construct a wall around it
- Dig a moat around the wall
- Build another wall
- Everything (and everyone) inside of the castle is good
- Everything (and everyone) outside of the castle is bad
While this model is relatively easier to manage and control, it does not necessarily meet the challenges of the ever-evolving cyber security threats we face today.
In today’s world, we have modern cities without walls and moats to protect the “good” people from outside malicious activities. Individuals can freely travel wherever and whenever they want.
To carry this analogy further, UA Little Rock’s open campus policy, just like modern cities, allows freedom of movement for people to come and go as they please.
However, even in an open campus there are some restrictions and not everyone is permitted to freely enter buildings, offices, or classrooms at will. To gain entrance to these buildings, individuals are required to use ID cards or keys to open doors to which they have been granted access. Otherwise, access will be denied.
The same principle of controlling access to certain areas will soon be implemented in the university’s current cyber environment. This will have the result of increasing the security of UA Little Rock data as well as on-campus and remote working users.
‘Need to know’ and ‘least privilege’ access will be the fundamental components of the implementation. These changes will help lower cyber security risks and increase protection for campus users from common but increasingly dangerous attacks like ransomware.
If you have questions or want additional information about ‘Zero Trust’, please contact IT Services.
