Zero Trust is a security framework that requires all users, whether inside or outside the organization's network, to be verified, approved, and continually evaluated for security configuration and posture before being granted or keeping access to applications and data. In the Zero Trust model there is no traditional network edge: networks may be local, cloud-based, or a hybrid combination of both, with people and resources distributed around the globe.
The core principles of the Zero Trust model are:
1. Continuous Verification
Continuous verification means that no device, zone, or credential is ever implicitly trusted. Because verification must be applied continuously across such a wide range of assets, several essential components are needed for it to work effectively. Hence the saying "Never Trust, Always Verify."
- Conditional access depending on risk. The workflow is interrupted only when the risk level changes, which enables ongoing verification without degrading the user experience.
- Rapid and scalable deployment of dynamic policy models. Because workloads, data, and users move often, policy must take into account risk as well as compliance and IT requirements. Even with Zero Trust, organizations remain subject to their own organizational rules and compliance standards.
2. Limit the Blast Radius
If a breach does happen, it is crucial to limit its impact. Zero Trust restricts an attacker's options for credentials or access points, giving systems and users time to react and neutralise the attack.
Limiting the blast radius means:
- Using identity-based segmentation. Because workloads, users, data, and credentials change frequently, traditional network-based segmentation can be difficult to maintain operationally.
- Applying the least privilege principle. Whenever credentials are used, they should be granted only the minimal functionality needed to complete the task, particularly for non-human accounts (such as service accounts). The scope of access should evolve along with the job it serves. Since privileged service accounts are frequently unmonitored and have excessive permissions, several exploits take advantage of them.
3. Automate Context Collection And Response
More data is beneficial as long as it can be analysed and used in real time to make the best decisions. NIST offers advice on how to use data from the following sources:
- User credentials – human and non-human (service accounts, non-privileged accounts, privileged accounts – including SSO credentials)
- Workloads – including VMs, containers, and ones deployed in hybrid deployments
- Endpoint – any device being used to access data
- Network
- Data
- Other sources (typically via APIs):
  - SIEM
  - SSO
  - Identity providers (like AD)
  - Threat Intelligence
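The three principles come together in a policy decision point that takes a snapshot of context signals (identity, endpoint posture, network zone, and API-fed SIEM, SSO and threat-intelligence data), enforces least-privilege grants attached to the identity rather than the network segment, and re-evaluates an open session whenever a new snapshot arrives, interrupting the user only when the outcome or risk tier actually changes. The Python below is a constructed example added for this article; it is not code from NIST or any vendor, and the `Context` fields, the `GRANTS` table, the risk weights and tiers, and the identities `alice` and `svc-backup` are all assumptions made for illustration.

```python
"""Constructed Zero Trust policy decision point (added example, not from the
article, NIST, or any vendor). Every signal source, weight, identity and
permission scope below is an illustrative assumption."""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Context:
    """One snapshot of the signal categories listed above: identity, endpoint,
    network, and API-fed sources (SIEM, identity provider, threat intel)."""
    subject: str
    subject_type: str         # "human" or "service"
    device_compliant: bool    # endpoint posture (assumed MDM/EDR feed)
    network_zone: str         # "corp", "vpn" or "internet"
    mfa_age_minutes: int      # minutes since last MFA (assumed IdP/SSO feed)
    threat_intel_hit: bool    # client address matched an assumed threat feed
    open_siem_alerts: int     # open alerts on this subject (assumed SIEM feed)


# Least privilege with identity-based segmentation: scopes attach to the
# identity, not to the network segment the request arrives from.
GRANTS: Dict[str, Dict[str, Set[str]]] = {
    "alice": {"payroll-api": {"read", "write"}},
    "svc-backup": {"payroll-db": {"read"}},  # service account: read only
}


def risk_score(ctx: Context) -> int:
    """Additive risk model; the weights are illustrative assumptions."""
    score = 0
    if not ctx.device_compliant:
        score += 40
    if ctx.network_zone == "internet":
        score += 20
    if ctx.mfa_age_minutes > 60:
        score += 15
    if ctx.threat_intel_hit:
        score += 50
    score += 10 * min(ctx.open_siem_alerts, 3)
    return score


def risk_tier(score: int) -> str:
    return "high" if score >= 50 else "medium" if score >= 20 else "low"


@dataclass(frozen=True)
class Decision:
    allowed: bool
    tier: str
    reason: str


def decide(ctx: Context, resource: str, action: str) -> Decision:
    """Policy decision point: least privilege first, then risk-conditional access."""
    tier = risk_tier(risk_score(ctx))
    scope = GRANTS.get(ctx.subject, {}).get(resource, set())
    if action not in scope:
        return Decision(False, tier, f"no '{action}' grant on {resource}")
    if tier == "high":
        return Decision(False, tier, "high risk: denied, session flagged to SIEM")
    if tier == "medium" and ctx.mfa_age_minutes > 60:
        return Decision(False, tier, "medium risk: step-up MFA required")
    return Decision(True, tier, f"{tier} risk: allowed")


@dataclass
class Session:
    """An open session remembers its last decision so that re-evaluation can
    tell whether anything material changed."""
    resource: str
    action: str
    last: Decision


def reevaluate(session: Session, ctx: Context) -> Tuple[bool, Decision]:
    """Continuous verification: re-run policy on each new context snapshot.
    Returns (changed, decision); the caller interrupts the workflow only when
    `changed` is True, so unchanged risk never prompts the user again."""
    new = decide(ctx, session.resource, session.action)
    changed = (new.allowed, new.tier) != (session.last.allowed, session.last.tier)
    session.last = new
    return changed, new


def demo() -> List[Tuple[bool, Decision]]:
    """Walk one session through a series of constructed context snapshots."""
    base = dict(subject="alice", subject_type="human", device_compliant=True,
                network_zone="corp", mfa_age_minutes=5, threat_intel_hit=False,
                open_siem_alerts=0)
    first = Context(**base)
    session = Session("payroll-api", "read", decide(first, "payroll-api", "read"))
    snapshots = [
        Context(**{**base, "mfa_age_minutes": 30}),      # nothing material changed
        Context(**{**base, "device_compliant": False}),  # posture drops: medium tier
        Context(**{**base, "device_compliant": False, "threat_intel_hit": True}),
    ]
    return [reevaluate(session, snap) for snap in snapshots]


if __name__ == "__main__":
    for changed, d in demo():
        print(f"changed={changed} allowed={d.allowed} tier={d.tier}: {d.reason}")
```

The order of checks in `decide` is deliberate: the least-privilege scope is consulted before risk, so an over-permissioned service account is caught even on a healthy device, and the tier comparison in `reevaluate` is what keeps continuous verification from turning into continuous re-prompting.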