Zero Trust security is a model of IT security that restricts access to virtually every asset or location in the network. To reach different devices, drives or files within a network, people must submit passwords or similar credentials for each area. It’s the opposite of the castle-and-moat model, whereby everyone inside the virtual moat walls can access everything. The castle-and-moat model may be simpler to implement, but once an attacker breaches that single wall of security, they can get to everything else. The concept and term were coined in 2010 by Forrester Research Inc. in the United States.
Although Zero Trust is an IT-based concept, we can translate it to physical security quite easily. The real-world security version of a Zero Trust model is an access control system. It takes the view that being on the network, or inside the premises, does not automatically make someone a trusted person who should have unfettered access to everything.
“Trust no one” is the core principle of Zero Trust systems, and this informs the next principle: least privilege access. This means that while all staff may enter the premises and the canteen, the server rooms, stock rooms and personal offices are off limits unless their job requires them to have access. This principle helps protect valuable items or information from anyone and everyone, meaning that disgruntled employees can’t steal data or stock, and that in the event of a robbery these items are also restricted.
Continuous monitoring is another aspect of Zero Trust that translates well to the physical security world. Rather than monitoring network activity, this would take the form of CCTV monitoring to give the same oversight of who is going where, at what time, and under what circumstances. This would be a vital aspect for sensitive sites where an attacker could potentially steal a key card, or force an employee to use their fingerprint or retinal scan to allow access. If the premises are being monitored, access can be denied instantly by restricting that person’s access from within the system.
To implement a Zero Trust security model in physical premises you will need a robust access control system and CCTV with monitoring. If there is a possibility that access control could be breached by an intruder, the monitoring facility (whether in house or using our monitoring centre) will need a method of instantly deactivating permissions, so that employees cannot be used to help attackers gain access.
The access control system protects the business premises at every stage, from getting into the main site, to the building and then to different levels, corridors and even individual rooms. There is no need to relocate any facilities or services within the buildings, as access control points can be installed anywhere. This means you could even have a sensitive location leading directly from an all-access corridor, as the access control will prevent unauthorised personnel from entering that sensitive room. Of course, it is preferable to locate super-sensitive areas within other restricted areas because the more levels of security there are, the harder it is to gain access.
Access is controlled centrally, so you don’t need to have an employee’s key card or their physical presence on site to change their access settings. Lost or stolen access fobs can be deactivated instantly, while new access privileges can be granted just as quickly.
P&R Alarms can advise, provide and maintain the best access control system for your needs, as well as installing monitored CCTV, intruder alarms and environmental monitoring. We can even integrate these systems to create a user-friendly system that caters to your every need. If you’re interested in the Zero Trust approach, contact P&R Alarms today.