Zero Trust is a shift of network defenses toward a more comprehensive IT security model that allows organizations to restrict access controls to networks, applications, and environments without sacrificing performance and user experience.
~ McAfee
Nowadays, many organizations are adopting Zero Trust (ZT) as an element of their network architecture and enterprise security. The core idea is that no user, device, or network location is trusted by default; every access request is authenticated, authorized, and continuously re-evaluated.
ZT is a model that can be applied to:
- network architecture
- authentication and authorization architecture
- cloud and container architecture
Three approaches to Zero Trust Architecture (as described in NIST SP 800-207), which are usually combined rather than chosen exclusively:
- Enhanced Identity Governance (with MFA)
- Micro-segmentation
- Network infrastructure and software-defined perimeters
Zero Trust Access (ZTA) vs. Zero Trust Network Access (ZTNA)
ZTA relies on the organization's Identity and Access Management (IAM) policies, usually requiring MFA to verify that users are who they claim to be. Additionally, ZTA usually includes maintaining a continuous inventory of the devices and users connecting to the network and continuously monitoring for new connections, so that an unknown or non-compliant device is denied even when it presents valid credentials.
While ZTA focuses on who and what connects to a network, ZTNA focuses on who and what can connect to the applications located on that network. ZTNA places each application behind a gate called a "proxy point," which authenticates and authorizes the client before creating an encrypted tunnel for the application traffic. Because the user only ever reaches the proxy, never the network segment behind it, this makes it easier to secure remote users and entities without a VPN, and it limits lateral movement if a client is compromised.
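The following is an added example (not code from the original page or from any ZTNA product) of the decision logic the text describes: a small policy decision point that evaluates every application request against identity and MFA state, a device inventory with posture freshness, and a per-application policy, with default deny, plus a continuous re-evaluation pass over active sessions. The device IDs, application names, roles, and the fixed clock are constructed sample data; the check order and thresholds are assumptions for illustration.

```python
"""
Minimal zero-trust policy decision point (PDP).

Every request to an application is evaluated against:
  - identity and MFA state (ZTA / identity governance),
  - a device inventory with posture and freshness (continuous inventory),
  - a per-application policy (ZTNA-style per-application gating),
with default deny for anything not explicitly allowed.
This is an added illustration, not a product implementation.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, Optional

# Fixed clock so the example is reproducible offline (assumption).
NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)


@dataclass(frozen=True)
class Device:
    device_id: str
    managed: bool        # enrolled in the organization's inventory
    compliant: bool      # passed the latest posture check (encryption, patch level, ...)
    last_seen: datetime  # time of the last posture report


@dataclass(frozen=True)
class AppPolicy:
    app: str
    allowed_roles: frozenset
    require_mfa: bool = True
    require_managed_device: bool = True
    max_posture_age: timedelta = timedelta(hours=1)  # how fresh the posture report must be


@dataclass(frozen=True)
class AccessRequest:
    user: str
    roles: frozenset
    mfa_verified: bool
    device_id: Optional[str]
    app: str


@dataclass(frozen=True)
class Decision:
    allow: bool
    reason: str


# Constructed sample inventory: one healthy, one non-compliant, one stale device.
DEVICE_INVENTORY: Dict[str, Device] = {
    "lt-1001": Device("lt-1001", True, True, NOW - timedelta(minutes=5)),
    "lt-1002": Device("lt-1002", True, False, NOW - timedelta(minutes=10)),
    "lt-1003": Device("lt-1003", True, True, NOW - timedelta(hours=3)),
}

# Constructed sample policies: payroll needs a managed device, the wiki does not,
# but both still require MFA.
APP_POLICIES: Dict[str, AppPolicy] = {
    "payroll": AppPolicy("payroll", frozenset({"hr", "finance"})),
    "wiki": AppPolicy("wiki", frozenset({"employee", "contractor"}),
                      require_managed_device=False),
}


def evaluate(req: AccessRequest,
             inventory: Dict[str, Device] = DEVICE_INVENTORY,
             policies: Dict[str, AppPolicy] = APP_POLICIES,
             now: datetime = NOW) -> Decision:
    """Return an allow/deny decision for a single request. Unknown apps are denied."""
    policy = policies.get(req.app)
    if policy is None:
        return Decision(False, "unknown application: default deny")
    if policy.require_mfa and not req.mfa_verified:
        return Decision(False, "MFA not verified")
    if not (req.roles & policy.allowed_roles):
        return Decision(False, "no role authorized for application")
    if policy.require_managed_device:
        device = inventory.get(req.device_id) if req.device_id else None
        if device is None or not device.managed:
            return Decision(False, "device not in inventory")
        if not device.compliant:
            return Decision(False, "device failed posture check")
        if now - device.last_seen > policy.max_posture_age:
            return Decision(False, "device posture report stale")
    return Decision(True, "allowed")


def sessions_to_revoke(sessions: Dict[str, AccessRequest],
                       inventory: Dict[str, Device],
                       policies: Dict[str, AppPolicy] = APP_POLICIES,
                       now: datetime = NOW) -> list:
    """Continuous evaluation: re-run the policy for every active session and
    return the IDs of sessions that no longer pass (e.g. the device fell out
    of compliance after the session was established)."""
    return sorted(sid for sid, req in sessions.items()
                  if not evaluate(req, inventory, policies, now).allow)


if __name__ == "__main__":
    alice = AccessRequest("alice", frozenset({"hr", "employee"}), True, "lt-1001", "payroll")
    print(evaluate(alice))
    print(evaluate(AccessRequest("bob", frozenset({"contractor"}), True, None, "wiki")))
```

The check order matters operationally: identity and MFA are evaluated before device posture so that a stolen password alone never reaches the device stage, and the freshness check on `last_seen` is what turns a one-time inventory into the continuous inventory the text calls for.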
Five use cases for zero trust (following the deployment scenarios in NIST SP 800-207):
- Enterprise with satellite facilities (branch offices and remote workers reaching resources at headquarters)
- Multi-cloud architecture (workloads in one cloud provider accessing resources in another)
- Managing third-party, non-employee access (contractors and contracted services)
- Collaboration across enterprise boundaries
- Public- or customer-facing services
(Residual) Risks to Zero Trust:
- Component configuration: a misconfigured or compromised policy engine or enforcement point can grant access that the policy never intended, so these components need hardened configuration and monitoring of their own
- Denial of Service (DoS) attack: because every access decision depends on the policy decision and enforcement points, disrupting them blocks access for everyone, even with no breach
- Stolen credentials: ZT reduces but does not remove this risk; MFA and device posture checks limit what a stolen password alone can reach, but a compromised enrolled device with a valid session remains a threat