Tech Time: Being negative for positive security

An introduction to zero-trust security architecture, its basic principles and what it means for credit unions

“Guilty until proven innocent.” Not a phrase one usually thinks of when discussing credit union cybersecurity practices, but those four words offer a simple introduction to the philosophy behind zero-trust architecture for information and technology security.

For our starting point, let’s look at the NIST definition of zero trust:

Zero trust provides a collection of concepts and ideas designed to minimize uncertainty in enforcing accurate, least privilege per-request access decisions in information systems and services in the face of a network viewed as compromised.”

Zero-trust architecture is an enterprise’s cybersecurity plan utilizing zero trust concepts and encompasses component relationships, workflow planning, and access policies.

Breaking down the above, let’s look at several aspects of what zero trust is and is not for the credit union.


continue reading »