Zero trust is a security model that aims to make organizations resilient to cyber threats by continuously verifying every access request instead of assuming trust based on network location. A zero trust architecture is a framework for implementing zero trust principles: continuous verification, limiting the damage a breach can do, and gathering intelligence about what is happening on the network. It enables organizations to implement measures that tighten access control and strengthen their security posture.
Zero trust enables organizations to effectively control access to their network, applications, and data. Here are the core benefits this architecture offers:
Achieve strict access control and comprehensive visibility
The zero trust model aims to let organizations approve each user and device every time they request access to the network while obtaining visibility into the who, how, and why of each request. Organizations employing zero trust with least-privilege access can maintain strict oversight of all users and devices on the network and their activity.
Isolate threats using microsegmentation
A zero trust architecture usually leverages microsegmentation to split the network by group, function, and identity to achieve granular control of user access, contain breaches, and minimize the scope of the damage. It helps defenders during the breakout window, the critical time frame between the initial compromise of the first machine and lateral movement to other areas of the network.
Gather intelligence to improve security decision making
A zero trust architecture gathers intelligence from multiple points of telemetry to inform a security strategy that is always evolving and striving to prevent old and new attacks proactively.
Implementing borderless security
Organizations often leverage the zero trust architecture to securely expand their infrastructure to include cloud-based servers and applications and increase the number of endpoints in their network. Since the zero trust network is borderless, it enables organizations to apply security principles equally across all devices and users regardless of the location.
Enhance the user experience
The zero trust security model offers an enhanced user experience compared to virtual private networks (VPNs). A VPN usually limits application use, requires frequent updates and authentication, and impacts system performance. A zero trust deployment typically adds multi-factor authentication (MFA) to improve security and single sign-on (SSO) to simplify the user experience.
Microsoft implemented the zero trust model and shared the details on its official website. The implementation focuses on corporate services across the organization, including line-of-business and Office applications, and covers devices running Android, iPhone, Mac, and Windows. Intune, Microsoft's cloud-based mobile device management (MDM) service, manages the devices.
Here are the four phases of Microsoft’s zero trust model:
The National Institute of Standards and Technology (NIST) offers various resources to improve cybersecurity, including a list of conceptual guidelines for designing and deploying a zero trust architecture. Here are the key steps for implementing a zero trust architecture according to NIST:
1. Use infrastructure that supports zero trust
Not all network and security services support zero trust; those that do not might require integration with additional resources, increasing overhead. Prefer products and services built with a zero trust approach in mind. These products use standards-based technologies that allow easier integration and interoperability between identity providers and services.
2. Map out the environment and identities
According to NIST, the architecture includes all users, services, data, and devices. Organizations implementing zero trust must inventory each component of their architecture to gain visibility into the location of key resources and the main risks threatening the architecture. It helps avoid late-stage pitfalls like integrating legacy services that cannot support zero trust.
Visibility must be extended to all relevant entities, including human users, software-based processes, services, and devices. A zero trust architecture requires making each entity uniquely identifiable so that processes can accurately determine whether to grant a specific identity access to data or services.
3. Use policies to determine access
NIST recommends using policies that determine access to resources based on the state of the user identity, the requesting system, and other behavioral attributes. Here is how NIST defines identities:
4. Monitor the architecture
NIST recommends monitoring the architecture to ensure all owned and associated systems remain secure. This involves monitoring the state of systems and applying fixes or patches as needed. Additionally, monitoring enables organizations to deny access to resources from systems that are not enterprise-owned or that have recently discovered vulnerabilities.
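Steps 3 and 4 together describe a policy decision point: every request is evaluated against the identity, the state of the requesting device, and behavioral signals, and is denied by default unless all checks pass. The following is an added example written for this article and is not NIST's guidance or any vendor's product code. The resource catalogue, the 30-day patch window, the failed-login threshold, and all sample identities, devices, and findings are constructed assumptions for illustration.

```python
"""Illustrative zero trust policy decision point (added example, not NIST's or any product's code)."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Identity:
    subject: str            # unique identity, e.g. a user principal or service account
    groups: frozenset       # directory group memberships supplied by the identity provider
    mfa_verified: bool      # whether this session completed multi-factor authentication


@dataclass(frozen=True)
class Device:
    device_id: str
    enterprise_owned: bool  # enrolled in the enterprise's MDM
    last_patched: datetime  # last successful patch run reported by the device agent
    open_vulnerabilities: tuple  # open findings from vulnerability scanning (constructed ids below)


@dataclass(frozen=True)
class Request:
    resource: str
    failed_logins_last_hour: int  # behavioral attribute from the identity provider
    timestamp: datetime


# Assumed resource catalogue: which groups may reach each resource and whether
# only enterprise-owned devices are acceptable (step 4's "non-enterprise-owned" rule).
RESOURCE_POLICY = {
    "hr-payroll": {"groups": {"hr"}, "enterprise_device_only": True},
    "wiki": {"groups": {"staff", "hr"}, "enterprise_device_only": False},
}

PATCH_WINDOW = timedelta(days=30)   # assumption: devices must have patched within 30 days
MAX_FAILED_LOGINS = 5               # assumption: more than this per hour is anomalous


def evaluate(identity: Identity, device: Device, request: Request) -> tuple[str, list[str]]:
    """Return ("allow" | "deny", reasons). Default-deny: every check must pass."""
    policy = RESOURCE_POLICY.get(request.resource)
    if policy is None:
        return "deny", ["unknown resource"]
    reasons = []
    if not identity.mfa_verified:
        reasons.append("mfa not verified")
    if not (identity.groups & policy["groups"]):
        reasons.append("identity not authorized for resource")
    if policy["enterprise_device_only"] and not device.enterprise_owned:
        reasons.append("non-enterprise-owned device")
    if request.timestamp - device.last_patched > PATCH_WINDOW:
        reasons.append("device patch state stale")
    if device.open_vulnerabilities:
        reasons.append("device has open vulnerabilities: " + ", ".join(device.open_vulnerabilities))
    if request.failed_logins_last_hour > MAX_FAILED_LOGINS:
        reasons.append("anomalous failed-login rate")
    if reasons:
        return "deny", reasons
    return "allow", ["all checks passed"]


# Constructed sample entities (not real users, devices or findings).
NOW = datetime(2024, 1, 15, 9, 0, tzinfo=timezone.utc)
ALICE = Identity("alice@example.test", frozenset({"hr", "staff"}), mfa_verified=True)
BOB = Identity("bob@example.test", frozenset({"staff"}), mfa_verified=True)
MANAGED_LAPTOP = Device("LAPTOP-0001", True, NOW - timedelta(days=5), ())
BYOD_PHONE = Device("BYOD-0042", False, NOW - timedelta(days=45), ("SCAN-FINDING-7",))


def demo() -> list[tuple[str, str, str, list[str]]]:
    """Evaluate a handful of constructed requests and return the decisions with reasons."""
    cases = [
        (ALICE, MANAGED_LAPTOP, Request("hr-payroll", 0, NOW)),
        (ALICE, BYOD_PHONE, Request("hr-payroll", 0, NOW)),
        (BOB, MANAGED_LAPTOP, Request("hr-payroll", 0, NOW)),
        (BOB, MANAGED_LAPTOP, Request("wiki", 12, NOW)),
        (BOB, MANAGED_LAPTOP, Request("wiki", 0, NOW)),
    ]
    out = []
    for ident, dev, req in cases:
        decision, reasons = evaluate(ident, dev, req)
        out.append((ident.subject, req.resource, decision, reasons))
    return out


if __name__ == "__main__":
    for subject, resource, decision, reasons in demo():
        print(f"{subject} -> {resource}: {decision} ({'; '.join(reasons)})")
```

Two design points worth noting. The engine collects every failing check rather than stopping at the first, which gives the monitoring side (step 4) a full picture of why a device or identity keeps being refused. And the decision is stateless with respect to the network location of the caller: the same device from the corporate LAN or a coffee shop is judged on identical attributes, which is the "borderless" property the article describes.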
Building a zero trust architecture requires mapping the network topology and inventorying all assets. You must discover your users, their devices, and which services and data they access.
You should closely observe all network components and treat every network as hostile, including local and public networks. Additionally, you should account for any existing service that was not designed for zero trust and may not be able to defend itself.
You must secure all communication channels within your zero trust architecture and ensure they are trustworthy. Protect these channels against key threats like eavesdropping, message modification, and replay attacks.
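The three threats named above map onto concrete checks a channel endpoint performs on every message. The following is an added example written for this article, not code from the article, NIST, or Microsoft. It shows the integrity and replay checks with a shared HMAC key and a strictly increasing sequence number; the key value is a constructed placeholder, and confidentiality against eavesdropping is assumed to come from an encrypted transport such as mutually authenticated TLS, which the example does not implement.

```python
"""Integrity and replay protection for a device-to-device channel (added example, not the article's code)."""
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 output length
SEQ_LEN = 8   # 64-bit big-endian sequence number

# Assumption: a per-channel key provisioned out of band (e.g. during device enrollment).
# This value is constructed for the example only.
CHANNEL_KEY = b"constructed-channel-key-not-for-production"


def seal(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: prepend the sequence number and append an HMAC over seq || payload.

    Covering the sequence number with the tag means an attacker cannot renumber a
    captured message to get it past the replay check.
    """
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Receiver side: verify the tag first, then enforce strictly increasing sequence numbers."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = 0  # highest sequence number accepted so far

    def open(self, message: bytes) -> bytes:
        if len(message) < SEQ_LEN + TAG_LEN:
            raise ValueError("truncated message")
        header = message[:SEQ_LEN]
        payload = message[SEQ_LEN:-TAG_LEN]
        tag = message[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        # Constant-time comparison so response timing does not leak tag bytes.
        if not hmac.compare_digest(tag, expected):
            raise ValueError("integrity check failed")
        (seq,) = struct.unpack(">Q", header)
        if seq <= self.last_seq:
            raise ValueError("replay detected")
        self.last_seq = seq
        return payload


def demo() -> dict:
    """Exercise the three cases from the text: genuine, modified, and replayed messages."""
    receiver = Receiver(CHANNEL_KEY)
    results = {}

    # 1. A genuine message is accepted.
    msg1 = seal(CHANNEL_KEY, 1, b"allow user=alice resource=wiki")
    results["genuine"] = receiver.open(msg1).decode()

    # 2. The same message with one bit flipped in the payload fails the tag check.
    tampered = bytearray(msg1)
    tampered[SEQ_LEN + 11] ^= 0x01
    try:
        receiver.open(bytes(tampered))
        results["modified"] = "accepted"
    except ValueError as err:
        results["modified"] = str(err)

    # 3. After a legitimate second message, replaying the first is rejected:
    #    its tag is valid but its sequence number is no longer fresh.
    receiver.open(seal(CHANNEL_KEY, 2, b"allow user=alice resource=hr-payroll"))
    try:
        receiver.open(msg1)
        results["replayed"] = "accepted"
    except ValueError as err:
        results["replayed"] = str(err)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

In a real deployment each direction of the channel would use its own key so a message cannot be reflected back to its sender, and a receiver that must tolerate reordering would keep a sliding window of accepted sequence numbers instead of a single high-water mark. The ordering of the checks also matters: the tag is verified before the sequence number is trusted, so a forged header cannot advance the receiver's counter and lock out genuine traffic.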
A communication channel mediating between two devices should:
Leverage various preventative measures to deter and thwart threat actors attempting to breach the network. Here are common preventative measures to consider:
In this article, we defined a zero trust architecture, described its compelling security benefits, and showed a real-life example of a zero trust implementation at a technology giant, Microsoft.
We described four steps to implement a zero trust architecture:
Finally, we provided tips that can help make your zero trust project a success: