ANSSI views on the Zero Trust model
The Zero Trust model is increasingly appealing as it is promoted as a guarantee of secure access to IT resources in mixed usage contexts (remote working, BYOD) and is generating enthusiasm from technological and security solution providers who see the prospect of new gains.
However, as of today, the use of these solutions is challenging due to a lack of maturity: deployment can lead to installation or configuration errors, increase the vulnerability of information systems, and give companies a false sense of security.
If the Zero Trust model aligns with the “defense in depth” logic historically promoted by ANSSI, it constitutes a modification of the strict perimeter logic that has long prevailed. Therefore, if implementation of the model is considered, it can only be gradual: it requires the use of new security solutions that must integrate into an overall defense system without replacing it. Implementing such solutions is challenging: deployment can lead to installation or configuration errors, increase the vulnerability of information systems, and give companies a false sense of security.