Never Trust, Always Verify
Summary: This article offers an in-depth review of Zero Trust security, including its benefits, best practices, and common barriers to implementation. You’ll gain a deeper understanding of Zero Trust models like ZTAA and ZTNA and learn the tools and techniques you need to apply frictionless Zero Trust access control to your infrastructure. Let’s dive in.
Zero Trust is a modern security model founded on the design principle “Never trust, always verify.” It requires all devices and users, regardless of whether they are inside or outside an organization's network, to be authenticated, authorized, and regularly validated before being granted access.
In short, Zero Trust says “Don’t trust anyone until they’ve been verified.”
Zero Trust helps prevent security breaches by eliminating the implicit trust from your system’s architecture. Instead of automatically trusting users inside the network, Zero Trust requires validation at every access point. It protects modern network environments using a multi-layered approach, including:
With the rise of remote work, bring your own device (BYOD), and cloud-based assets that aren’t located within an enterprise-owned network boundary, traditional perimeter security falls short. That’s where Zero Trust comes in. A Zero Trust architecture (ZTA) is designed as if there is no traditional network edge, retiring the old castle-and-moat model of perimeter security.
In essence, Zero Trust security not only acknowledges that threats exist inside and outside of the network, but it assumes that a breach is inevitable (or has likely already occurred). As a result, it constantly monitors for malicious activity and limits user access to only what is required to do the job. This effectively prevents users (including potential bad actors) from moving laterally through the network and accessing data beyond what their access explicitly allows.
Zero Trust security can be applied in multiple ways depending on your architecture design and approach.
Zero Trust Network Access (ZTNA), sometimes referred to as a “software-defined perimeter,” is the most common implementation of the Zero Trust model. Based on micro-segmentation and network isolation, ZTNA removes the need for a VPN and grants access to specific resources only after verification and authentication.
As Gartner defines it, under a ZTNA model, “access is restricted via a trust broker to a set of named entities. The broker verifies the identity, context and policy adherence of the specified participants before allowing access and prohibits lateral movement elsewhere in the network.” This minimizes the attack surface, significantly reducing security risk.
Zero Trust Application Access (ZTAA) also operates on Zero Trust principles, but unlike ZTNA, it goes a step further to protect not just the network but applications, too. ZTAA assumes all networks are compromised and limits access to applications until after users and devices have been verified. This approach effectively blocks attackers that enter the network and protects the connected applications.
Zero Trust Access is the umbrella model that encompasses both ZTAA and ZTNA, providing end-to-end Zero Trust across your entire architecture—including all networks and applications. It provides identity-based security that considers not just who is on the network, but what is on the network—extending Zero Trust to the provider itself. This gives organizations unparalleled data privacy in a true Zero Trust environment.
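The trust-broker behaviour described for ZTNA above (verify identity, context and policy adherence, grant a single named resource, refuse everything else) can be shown as a small policy decision point. This is an added example written for this article; it is not strongDM's code, Gartner's, or any product's. The policy table, the device-posture fields and the sample requests are constructed for illustration.

```python
"""Minimal trust-broker decision point in the ZTNA style: access is granted
per named resource after identity, context and policy checks, never to the
network as a whole.  Added example; policy and request data are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed policy: each resource names the principals allowed to reach it.
# There is deliberately no rule of the form "anything from 10.0.0.0/8 may connect".
POLICY = {
    "payments-db": {"groups": {"payments-eng"}, "require_managed_device": True},
    "wiki": {"groups": {"payments-eng", "marketing"}, "require_managed_device": False},
}

CORPORATE_NET = ip_network("10.0.0.0/8")  # logged for audit only, not a trust signal


@dataclass
class Request:
    user: str
    groups: set
    mfa_verified: bool
    device_managed: bool
    device_patched: bool
    source_ip: str
    resource: str


@dataclass
class Decision:
    allow: bool
    reason: str


def evaluate(req: Request) -> Decision:
    """Return an allow/deny decision with the reason an auditor would want logged."""
    # 1. Identity: every request needs a verified identity, inside or outside the network.
    if not req.mfa_verified:
        return Decision(False, "identity not verified (MFA required)")
    # 2. Named resource: access is to one specific resource or not at all.  A target
    #    with no policy entry is denied rather than falling back to network-wide access,
    #    which is what prohibits lateral movement to resources the user was never named for.
    rule = POLICY.get(req.resource)
    if rule is None:
        return Decision(False, f"no policy names resource {req.resource!r}")
    # 3. Policy adherence: is this principal one of the named entities for the resource?
    if not (req.groups & rule["groups"]):
        return Decision(False, f"{req.user!r} is not entitled to {req.resource!r}")
    # 4. Context: device posture is checked where the resource demands it.
    if rule["require_managed_device"] and not (req.device_managed and req.device_patched):
        return Decision(False, "device posture check failed (managed and patched device required)")
    on_prem = ip_address(req.source_ip) in CORPORATE_NET
    return Decision(True, f"granted {req.resource!r}; source on corporate network={on_prem} (audit only)")


def demo() -> list:
    """Run the constructed requests through the broker and return the decisions."""
    requests = [
        Request("ana", {"payments-eng"}, True, True, True, "203.0.113.5", "payments-db"),
        Request("ana", {"payments-eng"}, True, True, True, "203.0.113.5", "hr-db"),
        Request("bob", {"marketing"}, True, True, True, "10.1.2.3", "payments-db"),
        Request("bob", {"marketing"}, True, False, False, "10.1.2.3", "wiki"),
        Request("ana", {"payments-eng"}, False, True, True, "203.0.113.5", "payments-db"),
    ]
    return [evaluate(r) for r in requests]


if __name__ == "__main__":
    for d in demo():
        print("ALLOW" if d.allow else "DENY ", d.reason)
```

The third request is the one that separates this model from perimeter security: `bob` connects from inside `10.0.0.0/8`, yet that location buys nothing, because the decision is made on identity, entitlement and device posture alone.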
John Kindervag developed the original Zero Trust model in 2010. As a principal analyst at Forrester Research, Kindervag realized that traditional access models operated on the outdated assumption that organizations should trust everything within their networks. The thinking was that perimeter-based security (i.e., firewalls) would be enough to validate user access and secure the network entirely. But as more workers started remotely accessing systems through all types of devices and all kinds of connections, this trust structure proved insufficient to effectively manage a distributed workforce. Kindervag recognized this vulnerability and developed Zero Trust in response.
Around the same time, Google began developing its own Zero Trust systems. Google created BeyondCorp for migrating traditional virtual private network (VPN) access policies to a new infrastructure in which no systems are trusted and all endpoints gate and monitor access. Google later developed BeyondProd, which provides a Zero Trust method to securely manage code deployment in a cloud-first microservices environment.
Kindervag’s Zero Trust model and Google’s BeyondCorp center around a few major tenets:
With the Zero Trust model, organizations can eliminate direct access to networks and resources, establish granular access controls, and gain visibility into user actions and traffic. However, they need models to guide them through implementation.
Google provides extensive documentation for those wanting to emulate BeyondCorp, which sets an industry standard for Zero Trust. However, most companies find Google’s approach to be interesting in theory, but impossible in practice. (Its implementation essentially required a rip-and-replace of Google’s existing network components and global architecture.) Instead, companies must rely on a combination of third-party services to implement Zero Trust architecture across their infrastructure.
Zero Trust is an integrated, end-to-end security strategy based on three core principles.
These principles create the foundation upon which a Zero Trust Architecture (ZTA) is built. Additionally, the eight pillars of Zero Trust security form a defensive architecture designed to meet the needs of today’s complex networks. These pillars each represent a key focus area for categorizing and implementing a Zero Trust environment.
An effectively implemented Zero Trust model should go beyond security. It should enable businesses to operate more effectively, enabling secure, granular access for everyone, including:
Virtual private networks (VPNs) often struggle to keep up with the complexity of modern tech environments. And although Zero Trust and VPN are not mutually exclusive, many organizations find that VPN is unnecessary after the adoption of a Zero Trust model.
VPNs offer perimeter-based security that provides network-wide access; in contrast, ZTNAs grant access only to specific resources after verification and authentication. Compared with VPNs, ZTNA strengthens security around internal and external networks by reducing the attack surface and implementing more granular control. Additionally, ZTNA offers increased flexibility and scalability, improving resource utilization and reducing the strain on IT.
This makes ZTNA a great option for CISOs and IT leaders looking for a security solution that addresses the needs of an increasingly remote and distributed workforce.
In May 2021 the Biden administration announced a new Executive Order on Improving the Nation’s Cybersecurity—and emphasized the need for adopting Zero Trust across public and private enterprises:
“To keep pace with today’s dynamic and increasingly sophisticated cyber threat environment, the Federal Government must take decisive steps to modernize its approach to cybersecurity, including by increasing the Federal Government’s visibility into threats, while protecting privacy and civil liberties. The Federal Government must adopt security best practices [and] advance toward Zero Trust Architecture…”
This may leave some IT leaders wondering how to bridge the gap from where they are now to this modern, Zero Trust future. Significant technology and architecture changes can quickly disrupt business-as-usual and complicate daily operations. But standing still isn’t an option either. With increasingly broad attack surfaces, legacy perimeter-based security architectures are no longer going to cut it.
Despite the obvious security gains from a Zero Trust approach, there can be significant obstacles when moving your organization to a new cybersecurity model.
Even with third-party services, many businesses still struggle to successfully implement Zero Trust Network Access. According to a report by Cybersecurity Insiders, only 15% of companies already have a Zero Trust strategy in place, while another 63% of companies intend to develop a strategy in the near future. Similarly, in a survey conducted in 2019, only 16% of physical data centers had implemented a Zero Trust architecture.
If you’re planning to adopt a Zero Trust approach, you’ll need to anticipate and plan for these potential challenges.
Modern companies have highly complex and distributed infrastructures. IT leaders face the challenge of creating a Zero Trust strategy that accounts for an environment that may have hundreds of different databases, servers, proxies, internal applications, and third-party SaaS applications. To further complicate matters, each of these may run in multiple different physical and cloud data centers, each with its own network and access policies.
For many organizations, bringing a network to a level that conforms with Zero Trust protocols requires a large number of custom configurations and time-intensive development projects. This burden may drive organizations to take shortcuts that are not scalable or secure.
To build infrastructure to support a Zero Trust model in such an organization, you’d have to implement a number of different micro-segmentation tools, software-defined perimeter tools, and identity-aware proxies. This set of tools may include VPNs, multi-factor authentication (MFA), device approval, intrusion prevention systems (IPS), single sign-on (SSO) solutions, and more.
However, many of these systems are specific to cloud providers, operating systems, and devices. Many organizations do not support one homogeneous set of devices, but instead run in multiple clouds and physical data centers, have users on both Mac and Windows, have servers running multiple Linux distributions or Windows Server versions, and support all sorts of different network-connected devices.
Vendors for these tools often require organizations to buy redundant technologies to support all of these environments. These vendors may also add unnecessary complexity by focusing on the network layer rather than placing controls near users and applications.
Additional challenges arise with legacy systems and third-party applications that are designed around implicit trust. Organizations often cannot configure legacy or third-party applications in a way that conforms with a Zero Trust model without rebuilding them. Administrators often have to create their own frameworks and infrastructure to support them, which adds complexity, time, and expense—and requires buy-in at every level.
Transitioning to Zero Trust can introduce gaps in security that can increase risk. Most organizations adopt Zero Trust over time, taking a piecemeal approach. While this helps manage costs and resources, it can introduce gaps in security, especially if you’re migrating from a legacy architecture.
Migrating to ZTA can be costly, especially if you are transitioning from a legacy system. A comprehensive Zero Trust framework may require you to build infrastructure from scratch. This means a long-term, multi-phase process that requires significant resources and time. Although these costs can be managed somewhat through incremental adoption, the speed and scale of adoption can be a challenge. That is before counting the costs of training talent and investing resources into maintaining a Zero Trust architecture after implementation.
Even after project development, organizations need to put aside resources for ongoing maintenance. For instance, micro-segmentation requires regularly updating IP data and configuring and verifying changes to minimize access for users. Further, as administrators introduce new systems and applications into the network, they must add them in such a way that conforms to the Zero Trust protocols, often requiring additional framework development.
Zero Trust prioritizes security by locking down access until a user is verified. The challenge is making sure Zero Trust access management doesn’t impact workflows and performance. For instance, if an employee changes roles, they will need updated access to required data. If that role change isn’t recognized quickly, users could be locked out of key files they need to do their job—hurting productivity and causing roadblocks in workflows.
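The role-change problem above is usually addressed by re-validating open sessions against the current entitlement directory on a fixed cadence, rather than trusting the decision made at login, so that a new role is usable quickly and an old one stops working without waiting for a manual ticket. The following is an added example written for this article, not strongDM's code: the directory, the role-to-resource map and the re-validation interval are all constructed, and the clock is passed in explicitly so the scenario runs deterministically offline.

```python
"""Continuous re-validation of sessions against a live entitlement directory.
Added example; roles, resources and the interval are constructed."""
from dataclasses import dataclass

REVALIDATE_EVERY = 300  # seconds between re-checks of an open session (constructed)

# Constructed mapping from role to the resources that role may reach.
ROLE_RESOURCES = {
    "analyst": {"reports-db"},
    "engineer": {"reports-db", "payments-db"},
}


class Directory:
    """Stand-in for the identity provider: the current role of each user."""

    def __init__(self, roles: dict):
        self._roles = dict(roles)

    def role_of(self, user: str):
        return self._roles.get(user)

    def change_role(self, user: str, role: str) -> None:
        self._roles[user] = role


@dataclass
class Session:
    user: str
    resource: str
    last_validated: float


def entitled(directory: Directory, user: str, resource: str) -> bool:
    """Least privilege: a user may reach only what their current role names."""
    role = directory.role_of(user)
    return role is not None and resource in ROLE_RESOURCES.get(role, set())


def open_session(directory: Directory, user: str, resource: str, now: float):
    """Return a Session if the user is entitled right now, else None."""
    if not entitled(directory, user, resource):
        return None
    return Session(user, resource, last_validated=now)


def check_access(session: Session, directory: Directory, now: float) -> bool:
    """Decide whether an open session may continue.  Inside the window the login
    decision is still fresh; past it the directory is consulted again, so a role
    that was removed ends the session at the next check rather than never."""
    if now - session.last_validated < REVALIDATE_EVERY:
        return True
    still_ok = entitled(directory, session.user, session.resource)
    if still_ok:
        session.last_validated = now
    return still_ok


def role_change_scenario() -> tuple:
    """Walk one user through a promotion and a later move out of the team."""
    d = Directory({"ana": "analyst"})
    reports = open_session(d, "ana", "reports-db", now=0)
    blocked_before = open_session(d, "ana", "payments-db", now=0) is None
    d.change_role("ana", "engineer")
    # New entitlement is usable on the next request; no week-long provisioning queue.
    granted_after = open_session(d, "ana", "payments-db", now=10) is not None
    d.change_role("ana", "marketing")  # role with no entry: nothing is entitled
    still_ok_in_window = check_access(reports, d, now=100)  # login decision still fresh
    revoked = not check_access(reports, d, now=400)  # past the window, re-checked and denied
    return blocked_before, granted_after, still_ok_in_window, revoked


if __name__ == "__main__":
    print(role_change_scenario())  # (True, True, True, True)
```

The interval is the knob that trades freshness against load on the identity provider: a shorter `REVALIDATE_EVERY` closes the gap between a directory change and its effect on running sessions, at the cost of more lookups.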
Building a Zero Trust model in a large organization requires buy-in from key stakeholders to ensure proper planning, training, and implementation. The project touches nearly everyone in the organization, so managers and leaders all must agree on the plan. With many organizations slow to implement such change, the politics of this alone can add a lot of strain on the successful performance of the project.
Zero Trust implementation won’t happen overnight. Often, existing infrastructure can be integrated into a Zero Trust approach, but to reach maturity, most networks will need to adopt and incorporate additional capabilities and processes.
Fortunately, transitioning to a mature Zero Trust architecture can occur one step at a time. And in fact, incrementally adopting a Zero Trust security posture can reduce risk as improved visibility enables the organization to adapt to meet threats as they emerge. Follow a strategic plan to adopt Zero Trust as part of a continually maturing roadmap.
From the initial planning to basic, intermediate, and advanced stages, your Zero Trust maturity model should help you improve cybersecurity protection, response, and operation over time.
Migrating to ZTA requires a thorough understanding of your network architecture’s current state, including all its assets (both physical and virtual), subjects, and business processes. If this information is incomplete, you will have blind spots in your network security—particularly if there are unknown “shadow IT” components operating within your ecosystem.
By conducting a comprehensive audit and analysis of your network’s current state, you can then map out what steps need to be taken to optimize the network for ideal ZTA.
The Cybersecurity and Infrastructure Security Agency (CISA) describes a Zero Trust Maturity Model enterprises can follow based on the key defensive pillars listed earlier. Additionally, it cites governance, how you control and direct your security strategy, as another key part of a mature ZTA foundation.
CISA’s model represents a gradient of implementation across those key pillars “where minor advancements can be made over time toward optimization.” Organizations can take isolated steps focusing on one pillar at a time, with each category progressing at its own pace until cross-coordination is required. This model supports gradual evolution toward Zero Trust, distributing costs and resources over time, and easing the burden of implementation.
The National Institute of Standards and Technology (NIST) has outlined six steps for migrating to a Zero Trust architecture.
As you build up your Zero Trust architecture and gain confidence in the process, you’ll enter a steady operational phase. While you will continue to monitor and make adjustments to the network and assets, you can start planning the next phase of Zero Trust deployment.
Better.com is an online lender that provides a 100 percent digital home buying process that is faster, easier, and more transparent. As a financial tech company handling sensitive customer data, Better.com needs a robust network security approach. But prior to strongDM, they didn’t have an efficient management system for database access.
Despite their highly digitized public-facing services, their backend management processes and governance operations were highly manual—creating burdensome overhead costs and increased risk of error. As a result, it often took up to a week to get access provisioned. This not only took team members away from higher priority activities but also traded productivity for security. And with 41 databases and five database management systems, this approach was unsustainable—they needed a solution that could help them implement Zero Trust across their systems while scaling and strengthening their data security posture.
That’s where strongDM came in. strongDM makes it easy to grant access and audit access control. Better.com was able to implement strongDM within a day and started seeing results immediately. In fact, within a week, Better.com saw an increase in user requests once users saw how easy it was to access databases.
And users can access the database from anywhere. “For Zero Trust, strongDM is an amazing tool—BYOD, within the company, outside [the company], wherever you need to go, you can access the data in a secure way,” says Ali Khan, CISO at Better.com.
Key benefits included:
Access management is a key part of building a successful and robust Zero Trust security posture. But disparate systems and manual processes mean creating unique roles for every individual is a time-consuming and costly endeavor—and one that can leave your network vulnerable. strongDM makes it easy to transition to a Zero Trust security model by managing and auditing access to databases, servers, clusters, and web apps for you.
strongDM simplifies the implementation of Zero Trust to your infrastructure by providing:
Imagining an ideal, fully Zero Trust architecture can make the path to achieving it seem daunting (not to mention cost-prohibitive). But it doesn’t have to be. Ultimately, Zero Trust isn’t a technology but a security framework and philosophy, which means you can build it into your existing architecture without completely ripping out existing infrastructure.
Want to learn more? Get a free no BS demo of strongDM.