Issue #19: A case of ZERO TRUST in the crypto.
Hello Fr3ns,
I hope you all had a great weekend, and for fr3ns in the States, that you enjoyed the long weekend and got some grilling done on Labor Day.
Retail adoption is a key driver for the growth and acceptance of crypto as a whole. This will NOT happen until some major improvements are made to the structure of the space.
One of those improvements is ZERO TRUST.
In the realm of cyber security, the term "zero trust" has become ubiquitous. To fully grasp Zero Trust, one must first know what it is not.
Zero Trust is a policy that ensures the safety of a company's network by doing away with all forms of implicit trust and instead verifying each and every step of a digital interaction on a continual basis. Zero Trust is an approach to cyber security and digital transformation that is grounded in the adage "never trust, always verify," and which seeks to achieve these goals through the use of strong authentication methods, network segmentation, the prevention of lateral movement, the provision of Layer 7 threat prevention, and the simplification of granular, "least access" policies.
For any sort of major adoption to happen, this needs to be adopted by the whole crypto space, be it DeFi, NFTs, DAOs and all other parts. The smart contract is supposed to be trustless, and for the most part it is, but the systems that implement them are not. Recent occurrences, from the massive failure of CeFi entities to the implosion of the Terra Ecosystem and the madness that happened with 3AC, cry out for a trustless framework.
Zero Trust was developed from the realization that the premise that everything within an organization's network can be trusted implicitly is no longer valid. Without granular security measures, users (including threat actors and malicious insiders) are free to move laterally inside the network and access or exfiltrate sensitive data, because the network implicitly trusts them.
Zero Trust is more important than ever before in this age of rapidly expanding web3 hybrid workforces, ongoing cloud migration, and revolutionary changes to security operations. Zero Trust architectures, when implemented properly, not only yield increased security but also decrease security complexity and operational overhead.
⭐ Step 0: Visibility and Critical Asset Identification
Zero Trust requires first determining which data, assets, apps, and services are the most important and valuable to the network. This not only aids in deciding where to begin, but also makes it possible to implement Zero Trust security measures. As part of their Zero Trust journey, protocols/projects may better prioritize and protect their most valuable assets if they first determine what those assets are.
The next stage is to collect user information (names, email addresses, wallet addresses, etc.), so you can create a policy that restricts access to just those who need it and uses technology that provides the highest level of protection for your most valuable assets.
⭐ Building The Zero Trust Enterprise
Although Zero Trust is most often associated with user or use case security, such as Zero Trust Network Access (ZTNA), a true Zero Trust solution covers all three layers of security: Users, Applications/Dapps, and Infrastructure.
User:
Strong user authentication, implementation of "least access" restrictions, and device integrity verification are the foundation of any Zero Trust initiative, and they must begin with the end users.
Application/Dapps:
When Zero Trust is applied to apps, implicit trust is removed between the various components of the program. The idea behind Zero Trust is that apps/Dapps cannot be trusted, hence their actions must be constantly monitored during execution.
Infrastructure:
A Zero Trust strategy must be applied to all aspects of infrastructure, including routers, switches, the cloud, Dexes, oracles, wallets, the Internet of Things, and the supply chain.
The core concept of zero trust is simple: assume everything is hostile by default. It's a major departure from the present system in the crypto space right now. A zero trust approach treats all traffic, even if it's already inside the perimeter, as hostile.
For instance, communication between workloads is prevented until each workload's fingerprint or identity has been verified. Thanks to identity-based validation criteria, stronger security is provided wherever the workload communicates, be it in the public cloud, a hybrid environment, a container, or on-premises network architecture.
Zero trust ensures the security of applications and services even when they communicate across different network environments, without the need for any changes to the underlying architecture or policy updates. Safe digital transformation is made possible by zero trust, which provides encrypted connections between endpoints over any network according to predefined policies or regulations.
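A minimal sketch of the default-deny, verify-every-request rule described above, as an added example that is not part of the original newsletter: the receiving service checks the calling workload's identity (here an HMAC over the request), the request's freshness, and an explicit allow-list before acting. The workload names, keys and policy entries are hypothetical.

```python
import hashlib
import hmac
import time

# Constructed sample data: per-workload keys and an explicit allow-list.
# Names, keys and policy entries are hypothetical, for illustration only.
WORKLOAD_KEYS = {
    "price-oracle": b"oracle-demo-key",
    "dex-router": b"router-demo-key",
}
# Only these (caller, target, action) tuples are permitted; all else is denied.
POLICY = {
    ("price-oracle", "dex-router", "push_price"),
}
MAX_SKEW = 30  # seconds a signed request stays valid


def sign(workload, target, action, ts, key):
    """Caller side: bind identity, target, action and time into one MAC."""
    msg = f"{workload}|{target}|{action}|{ts}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def authorize(workload, target, action, ts, tag, now=None):
    """Receiver side: runs on every request; deny unless every check passes."""
    now = time.time() if now is None else now
    key = WORKLOAD_KEYS.get(workload)
    if key is None:
        return False, "unknown workload"
    expected = sign(workload, target, action, ts, key)
    # Constant-time comparison of the presented tag with the expected one.
    if not hmac.compare_digest(expected.encode(), str(tag).encode()):
        return False, "identity not verified"
    if abs(now - ts) > MAX_SKEW:
        return False, "stale request"  # limits replay of a captured request
    if (workload, target, action) not in POLICY:
        return False, "no policy allows this"  # verified, but least access wins
    return True, "allowed"
```

A verified identity alone is not enough: the request is still denied unless the exact caller, target and action appear in the allow-list.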
If you liked this breakdown, share it with two people you think will benefit from it. There is no joy in possession without sharing. Share your knowledge. The miracle is this: The more we share the more we have.
Fin