When it comes to your nonprofit’s data, you should trust no one if you want to keep it safe. Adam Rosenzweig, program manager at Okta for Good, tells clients that a “Zero Trust” approach is the most effective way to keep predators away from your data.
Here is an excerpt from an article published in The NonProfit Times:
Organizations used to protect themselves by creating a perimeter around their network. Everyone inside the network was a trusted entity while everyone outside the network was not. The problem was that if a hacker managed to breach the network they then had access to everything — all the way up to your most sensitive data, Rosenzweig said.
With cloud computing becoming more prevalent in the past few years, sensitive data now has moved outside of that perimeter as mobile and cloud computing have essentially dissolved the perimeter. The result is that you can no longer automatically trust anyone. Today, a perimeter is needed around everyone who has access to data in an organization. That way, people earn trust through context.
In a “Zero Trust” world, the mantra is “Never trust, always verify.” Rosenzweig reviewed the key concepts of Zero Trust:
- Secure access: All resources are accessed in a secure manner, regardless of location;
- Control access: Each person is granted access on a need-to-know basis; and,
- Inspect and log traffic: Security and IT teams inspect and log all traffic to verify users are doing the right thing at the right times.