Creating an effective security architecture is not straightforward. Which method or framework should you choose?
From a Security by Design perspective, the starting point should always be the core principles derived from that philosophy.
A significant challenge within the cyber security domain is the sheer volume of marketing generated by commercial organisations. This noise appears across products, white papers, and conferences, often promoting solutions as definitive answers to complex problems. While many of these trends can be dismissed as hype, some developments deserve careful consideration.
It is important to remain cautious of emerging IT trends that claim to solve cyber security challenges outright. In practice, organisations often invest more in security solutions while the underlying risks persist.
At the same time, it is valuable to evolve existing methods by incorporating new insights. However, radical paradigm shifts in cyber security should be approached with care.
In this context, the concepts of Zero Trust and Zero Trust Architecture are well-founded.
What is a Zero Trust Architecture?
Organisations require a security model that can adapt to the complexity of modern environments, support a mobile workforce, and protect people, devices, applications, and data regardless of their location. This is the foundation of Zero Trust.
Zero Trust is best understood as a conceptual model. It provides a way of thinking about which security principles and controls are necessary in today’s distributed and dynamic IT landscape.
Within a Zero Trust Architecture, every access request must be explicitly validated. This means it is:
Strongly authenticated
Authorised according to defined policies
Continuously inspected for anomalies
Decisions are based on multiple factors, including user identity, device posture, location, and the context of the request. By evaluating these signals, Zero Trust aims to minimise the risk of unauthorised access and limit the impact of potential breaches.
In short, Zero Trust is a conceptual model for deciding which security principles and protections a modern, distributed environment needs. Every access request is strongly authenticated, authorised within policy constraints and inspected for anomalies before access is granted, and every available signal, from the user's identity to the application's hosting environment, is used to prevent a breach.
Key guiding principles of Zero Trust
Guiding principles of Zero Trust:
Verify explicitly: Always authenticate and authorize based on all available data points, including user identity, location, device health, service or workload, data classification, and anomalies.
Use least privileged access: Limit user access with Just-In-Time and Just-Enough Access (JIT/JEA), risk-based adaptive policies, and data protection to protect both data and productivity.
Assume breach: Minimize blast radius for breaches and prevent lateral movement by segmenting access by network, user, device, and application awareness. Verify all sessions are encrypted end to end. Use analytics to get visibility, drive threat detection, and improve defenses.
Zero Trust security architecture principles
These guiding zero trust principles are further elaborated in the following security principles:
1. Know your architecture, including users, devices, services and data
In order to get the benefits of zero trust, you need to know about each component of your architecture. This allows you to identify where your key resources are and what the main risks to your architecture are, and to avoid late-stage pitfalls when integrating legacy services that do not support zero trust.
2. Know your user, service and device identities
An identity can represent a user (a human), service (software process) or device. Each identity should be unique and cryptographically identifiable in a zero trust architecture. This is one of the most important factors in deciding whether someone or something should be given access to data or services.
3. Assess your user behaviour, and your device and service health
User behaviour, and service or device health, are important indicators when looking to establish confidence in the security of your systems, which makes them important signals for policy engines. Therefore, the ability to measure user behaviour and device and service health is key in a zero trust architecture.
4. Use policies to authorise requests
Each request for data or services should be authorised against a policy. The power of a zero trust architecture comes from the access policies you define. Policies can also help to facilitate risk managed sharing of data or services with guest users or partner organisations.
The policy engine is a key component of the zero trust architecture: it consumes multiple signals and provides a flexible and secure access control mechanism that adapts to the resource being requested.
Note that not every Zero Trust architecture needs a separately implemented policy engine. Some operating systems and applications already ship with capable policy engines that can be used directly, so implementing a dedicated 'policy engine' is not needed in every environment.
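To make the "verify explicitly, least privilege, assume breach" principles and the policy engine of principle 4 concrete, here is a small policy engine written for this page (it is an added illustration, not code from any product or from the page's author). Every resource has an explicit policy, the default is deny, each request is checked against identity, device posture, location and a risk score, and a successful request receives a narrowly scoped, short-lived grant (JIT/JEA). All user names, roles, country lists, thresholds and the `risk_score` input are hypothetical.

```python
"""Minimal Zero Trust policy engine (illustration written for this page).
Every request is evaluated against explicit signals and a per-resource
policy; the outcome is a denial or a short-lived, narrowly scoped grant.
All names, roles, thresholds and sample data are hypothetical."""
from dataclasses import dataclass, field


@dataclass
class AccessRequest:
    user: str
    mfa_verified: bool        # strong authentication completed for this session
    device_managed: bool      # device is enrolled and has a known identity
    device_compliant: bool    # patched, disk encrypted, endpoint agent healthy
    country: str              # location signal
    resource: str             # e.g. "hr-db" or "wiki"
    action: str               # "read" or "write"
    risk_score: int           # 0..100, produced by monitoring / anomaly detection


@dataclass
class Policy:
    resource: str
    allowed_roles: set
    require_mfa: bool = True
    require_compliant_device: bool = True
    allowed_countries: set = field(default_factory=lambda: {"NL", "DE", "BE"})
    max_risk: int = 40
    grant_ttl_seconds: int = 600   # just-in-time: grants expire quickly


@dataclass
class Decision:
    allow: bool
    reason: str
    scope: str = ""        # just-enough: what exactly the grant covers
    ttl_seconds: int = 0


# Hypothetical directory data: user -> roles.
ROLES = {"alice": {"hr"}, "bob": {"engineering"}, "guest-carol": {"partner"}}

# Hypothetical policies; a resource without a policy is denied by default.
POLICIES = {
    "hr-db": Policy("hr-db", allowed_roles={"hr"}, max_risk=20),
    "wiki": Policy("wiki", allowed_roles={"hr", "engineering", "partner"},
                   require_compliant_device=False, max_risk=60),
}


def evaluate(req: AccessRequest, policies=POLICIES, roles=ROLES) -> Decision:
    policy = policies.get(req.resource)
    if policy is None:
        return Decision(False, "no policy for resource: default deny")

    # Verify explicitly: every signal is checked on every request.
    if policy.require_mfa and not req.mfa_verified:
        return Decision(False, "strong authentication required")
    if not req.device_managed:
        return Decision(False, "unknown device")
    if policy.require_compliant_device and not req.device_compliant:
        return Decision(False, "device not compliant")
    if req.country not in policy.allowed_countries:
        return Decision(False, f"location {req.country} not permitted")
    # Assume breach: a raised risk score from monitoring blocks access.
    if req.risk_score > policy.max_risk:
        return Decision(False, f"risk score {req.risk_score} exceeds {policy.max_risk}")

    # Least privilege: the role must be allowed, and partner identities
    # (guest / partner organisation) are limited to read access.
    user_roles = roles.get(req.user, set())
    if not user_roles & policy.allowed_roles:
        return Decision(False, "role not authorised for resource")
    if req.action == "write" and "partner" in user_roles:
        return Decision(False, "partner identities are read-only")

    # Scope the grant to exactly this resource and action; writes get a
    # shorter lifetime than reads.
    scope = f"{req.resource}:{req.action}"
    ttl = policy.grant_ttl_seconds if req.action == "read" else policy.grant_ttl_seconds // 2
    return Decision(True, "all checks passed", scope=scope, ttl_seconds=ttl)


if __name__ == "__main__":
    print(evaluate(AccessRequest("alice", True, True, True, "NL", "hr-db", "read", 10)))
    print(evaluate(AccessRequest("alice", False, True, True, "NL", "hr-db", "read", 10)))
    print(evaluate(AccessRequest("guest-carol", True, True, False, "BE", "wiki", "write", 50)))
```

The point of the structure is that the decision depends on the policy for the resource plus the signals of the request, never on where the request came from on the network, and that the returned grant is scoped and time-limited rather than a blanket session.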
5. Authenticate & authorise everywhere
Authentication and authorisation decisions should consider multiple signals, such as device location, device health, user identity and status to evaluate the risk associated with the access request. We do this as we assume the network is hostile and want to ensure all connections that access your data or services are authenticated and authorised.
6. Focus your monitoring on users, devices and services
In a zero trust architecture, it is highly likely that your monitoring strategy will change to focus on users, devices and services. Monitoring the behaviour of these users, devices and services will help you establish their health. Monitoring should link back to the policies you have set, so that you gain assurance that the policies are configured as intended.
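As an added example of monitoring that is focused on users and devices (written for this page, not taken from any product), the function below turns authentication log lines into per-user findings and a risk score of the kind a policy engine would consume. The log lines, the known-device inventory, the three detections (a burst of failed logins, an unknown device, and a change of country within a short window) and the score weights are all constructed for the illustration.

```python
"""User/device focused monitoring (illustration written for this page):
derive behaviour and health signals from authentication logs and turn
them into a per-user risk score for the policy engine.
Log lines, device inventory, windows and weights are constructed."""
from collections import defaultdict

# Constructed sample log lines in key=value form.
LOG_LINES = [
    "ts=1700000000 user=alice device=dev-a1 country=NL result=ok",
    "ts=1700000060 user=alice device=dev-a1 country=NL result=ok",
    "ts=1700000120 user=bob device=dev-b7 country=DE result=fail",
    "ts=1700000130 user=bob device=dev-b7 country=DE result=fail",
    "ts=1700000140 user=bob device=dev-b7 country=DE result=fail",
    "ts=1700000150 user=bob device=dev-b7 country=DE result=fail",
    "ts=1700000160 user=bob device=dev-b7 country=DE result=ok",
    "ts=1700000300 user=carol device=dev-c2 country=NL result=ok",
    "ts=1700000360 user=carol device=dev-zz country=BR result=ok",
]

# Constructed inventory: which device identities belong to which user.
KNOWN_DEVICES = {"alice": {"dev-a1"}, "bob": {"dev-b7"}, "carol": {"dev-c2"}}


def parse(line: str) -> dict:
    """Parse one key=value log line into a dict; ts becomes an int."""
    event = dict(kv.split("=", 1) for kv in line.split())
    event["ts"] = int(event["ts"])
    return event


def assess(lines, known_devices, window: int = 600) -> dict:
    """Return {user: {"risk_score": int, "findings": [str]}} for the given logs."""
    per_user = defaultdict(list)
    for line in lines:
        event = parse(line)
        per_user[event["user"]].append(event)

    report = {}
    for user, events in per_user.items():
        events.sort(key=lambda e: e["ts"])
        findings, score = [], 0

        # Behaviour signal: three or more failed logins inside the window.
        fail_ts = [e["ts"] for e in events if e["result"] == "fail"]
        for i in range(len(fail_ts) - 2):
            if fail_ts[i + 2] - fail_ts[i] <= window:
                findings.append("failed-auth burst")
                score += 40
                break

        # Device health/identity signal: a device not in the inventory.
        unknown = {e["device"] for e in events} - known_devices.get(user, set())
        if unknown:
            findings.append("unknown device: " + ",".join(sorted(unknown)))
            score += 30

        # Location signal: successful logins from different countries
        # closer together than the window allows.
        successes = [e for e in events if e["result"] == "ok"]
        for a, b in zip(successes, successes[1:]):
            if a["country"] != b["country"] and b["ts"] - a["ts"] <= window:
                findings.append(f"country change {a['country']}->{b['country']}")
                score += 40
                break

        report[user] = {"risk_score": min(score, 100), "findings": findings}
    return report


if __name__ == "__main__":
    for user, result in assess(LOG_LINES, KNOWN_DEVICES).items():
        print(user, result)
```

Each finding names the signal that raised the score, which is what lets the monitoring link back to the policy that consumes it: a policy with `max_risk` of 20 would block bob until the burst ages out of the window, and carol's unknown device would be denied by a policy that requires a managed device.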
7. Don't trust any network, including your own
Don't trust any network between the device and the service it's accessing, including the local network. Communications over a network, to access data or services, should use a secure transport protocol to gain assurance that your traffic is protected in transit and less susceptible to threats.
Even your internal encrypted networks cannot be blindly trusted. So always apply the key Security by Design principle: Defense in Depth.
A zero trust architecture changes the way traditional user protections such as malicious website filtering and phishing protection are implemented; these may need to be provided by different solutions in your zero trust architecture.
