The zero-trust approach

A widely accepted approach, initially coined by Forrester, is the data-centric approach, which applies an "always verify" rule to all data and assets. It was designed to overcome the flat network problem, which lets threat actors move undetected through lateral movement and exfiltrate sensitive and confidential information. The approach also empowers security professionals to regain control of their network and applications. Here is how to get started with the zero-trust approach:

  1. Identify and classify sensitive data: To protect your data, you first have to see it. If you are not aware of where your sensitive data is, the situation is worse once an infection has already occurred. Once sensitive data is identified, it must be classified.
  2. Map the data flow: It is important to gain a high-level understanding of how application traffic flows across the network. It is also good to collaborate with all stakeholders, including the network team, application team, and security architects, to produce a final data flow map with the help of existing models.
  3. Architect the network: The zero-trust design presents the communication flow between multiple networks and also illustrates how users access external data. At this stage, the organization identifies the micro-perimeters using physical and virtual switch configurations.
  4. Create the policy base: One key aspect of this approach is that security professionals should restrict access on a need-to-know basis and build effective access control. Beyond the IP header fields, security teams also need to know user identity and application behavior.
  5. Continuous monitoring: All network and application logs should be collected and inspected in real time, covering not just traffic from the external network but also traffic leaving the private network. Internal traffic flows should be treated the same way as external ones.
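The following Python script is an added illustration of the five steps as one small policy evaluator; it is not code from the original text. The asset names, classification levels, network segments, allowed flows, roles and the sample flow records are all constructed for the example. Steps 1 to 3 become data (a classified asset inventory, a data-flow map, and micro-perimeter segments), step 4 becomes a policy check that looks at user role, application and device posture rather than only the source IP, and step 5 runs every flow record, internal or external, through the same check and turns denials into alerts.

```python
"""Toy zero-trust policy evaluator covering the five steps above.

Added illustration, not from the original text: asset names, segments,
roles, users and flow records are all constructed for this example.
"""
import ipaddress
from dataclasses import dataclass

# Step 1: classified data assets (constructed inventory)
ASSETS = {
    "hr-db": {"classification": "confidential", "segment": "db-tier"},
    "public-site": {"classification": "public", "segment": "web-tier"},
    "finance-share": {"classification": "restricted", "segment": "file-tier"},
}

# Step 3: micro-perimeters; each segment is a small network (constructed)
SEGMENTS = {
    "web-tier": ipaddress.ip_network("10.10.1.0/24"),
    "app-tier": ipaddress.ip_network("10.10.2.0/24"),
    "db-tier": ipaddress.ip_network("10.10.3.0/24"),
    "file-tier": ipaddress.ip_network("10.10.4.0/24"),
    "corp-users": ipaddress.ip_network("10.20.0.0/16"),
}

# Step 2: mapped data flows: which application is expected to reach which asset
ALLOWED_FLOWS = {
    ("hr-app", "hr-db"),
    ("web-frontend", "public-site"),
    ("finance-app", "finance-share"),
}

# Step 4: policy base keyed on need-to-know per classification, not on IP alone.
# None means any authenticated user may read the asset.
NEED_TO_KNOW = {
    "confidential": {"hr-analyst", "hr-admin"},
    "restricted": {"finance-admin"},
    "public": None,
}


@dataclass
class Request:
    user: str
    role: str
    app: str
    src_ip: str
    asset: str
    device_compliant: bool


def segment_of(ip):
    """Name the micro-perimeter an address belongs to, or 'external'."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "external"


def evaluate(req):
    """Return (decision, reason). Every request is verified the same way,
    whether it originates inside or outside the private network."""
    asset = ASSETS.get(req.asset)
    if asset is None:
        return "deny", "unknown asset"
    if not req.device_compliant:
        return "deny", "device posture failed"
    if (req.app, req.asset) not in ALLOWED_FLOWS:
        return "deny", f"flow {req.app}->{req.asset} not in data-flow map"
    allowed_roles = NEED_TO_KNOW[asset["classification"]]
    if allowed_roles is not None and req.role not in allowed_roles:
        return "deny", f"role {req.role} lacks need-to-know for {asset['classification']}"
    return "allow", f"{segment_of(req.src_ip)} -> {asset['segment']}"


# Step 5: continuous monitoring over flow records (constructed sample log)
SAMPLE_FLOWS = [
    Request("alice", "hr-analyst", "hr-app", "10.10.2.15", "hr-db", True),
    Request("svc-web", "web-frontend-svc", "web-frontend", "10.10.1.7", "public-site", True),
    Request("mallory", "hr-analyst", "hr-app", "10.20.3.44", "finance-share", True),
    Request("carol", "finance-admin", "finance-app", "203.0.113.9", "finance-share", False),
    Request("dave", "hr-admin", "finance-app", "10.10.2.20", "finance-share", True),
]


def monitor(flows):
    """Evaluate every flow record and return the denied ones as alerts."""
    alerts = []
    for f in flows:
        decision, reason = evaluate(f)
        if decision == "deny":
            alerts.append((f.user, segment_of(f.src_ip), f.asset, reason))
    return alerts


if __name__ == "__main__":
    for alert in monitor(SAMPLE_FLOWS):
        print("ALERT", alert)
```

Note that the internal request from `mallory` (inside the corp-users segment) is denied exactly as the external one from `carol` is: the source segment only appears in the reason string, never as a shortcut past the identity, flow-map and posture checks.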