Zero-trust design principles
As we saw in the previous chapter, organizations that do not have a secure foundation in place can easily become victims of a ransomware attack. This can be because of a lack of security mechanisms or proper control of identities, such as user accounts, service accounts, tokens, or unpatched vulnerabilities, in their environment.
One of the main security design principles that is becoming a common security standard for any secure foundation is the zero-trust architecture. Zero-trust is not a product but more of a set of security principles and guidelines where the focus involves moving away from services and users having implicit trust access to where no one is trusted by default.
In short, the goal is to prevent unauthorized access to data and services, along with making access control enforcement as granular as possible.
Let me use an example where a zero-trust-based approach would provide lower risk.
When you have an Active Directory domain...