Zero Trust Explained: The Ultimate Guide to Zero Trust Security
Never Trust, Always Verify
Never Trust, Always Verify
TL;DR: In this article, we’ll review Zero Trust and examine what it is, how it works, and how to achieve Zero Trust to improve your network security posture. You’ll learn about different Zero Trust models like ZTA vs. ZTNA, as well as recent steps by the government to apply Zero Trust and strengthen cybersecurity at the national level. Let’s dive in.
Zero Trust is a modern security model founded on the design principle “Never trust, always verify.” It requires all devices and users, regardless of whether they are inside or outside an organization's network, to be authenticated, authorized, and regularly validated before being granted access.
In short, Zero Trust says “Don’t trust anyone until they’ve been verified.”
Zero Trust helps prevent security breaches by eliminating the implicit trust from your system’s architecture—in other words, instead of automatically trusting users inside the network, Zero Trust requires validation at every access point. It protects modern network environments using a multi-layered approach, including:
With the rise of remote work, bring your own device (BYOD), and cloud-based assets that aren’t located within an enterprise-owned network boundary, traditional perimeter security falls short. That’s where Zero Trust comes in. A Zero Trust Architecture (ZTA) is designed as if there is no traditional network edge, retiring the old castle-and-moat model of perimeter security.
In essence, Zero Trust security not only acknowledges that threats exist inside and outside of the network, but it assumes that a breach is inevitable (or has likely already occurred). As a result, it constantly monitors for malicious activity and limits user access to only what is required to do the job. This effectively prevents users (including potential bad actors) from moving laterally through the network and accessing any data that hasn’t been limited.
John Kindervag developed the original Zero Trust model in 2010. As a principal analyst at Forrester Research, Kindervag realized that traditional access models operated on the outdated assumption that organizations should trust everything within their networks. The thinking was that perimeter-based security (i.e., firewalls) would be enough to validate user access and secure the network entirely. But as more workers started remotely accessing systems through all types of devices and all kinds of connections, this trust structure proved insufficient to effectively manage a distributed workforce. Kindervag recognized this vulnerability and developed Zero Trust in response.
Around the same time, Google began developing its own Zero Trust systems. Google created BeyondCorp for migrating traditional virtual private network (VPN) access policies to a new infrastructure in which no systems are trusted and all endpoints gate and monitor access. Google later developed BeyondProd, which provides a Zero Trust method to securely manage code deployment in a cloud-first microservices environment.
Kindervag’s Zero Trust model and Google’s BeyondCorp center around a few major tenets:
With the Zero Trust model, organizations can eliminate direct access to networks and resources, establish granular access controls, and gain visibility into user actions and traffic. However, they need models to guide them through implementation.
Google provides extensive documentation for those wanting to emulate BeyondCorp, which sets an industry standard for Zero Trust. However, most companies find Google’s approach to be interesting in theory, but impossible in practice. (Its implementation essentially required a rip-and-replace of Google’s existing network components and global architecture.) Instead, companies must rely on a combination of third-party services to implement Zero Trust architecture across their infrastructure.
Zero Trust is an integrated, end-to-end security strategy based on three core principles:
These principles create the foundation upon which a ZTA is built.
Always authenticate and authorize based on all available data points—including user identity, location, device, data sources, and service or workload. Continuous verification means there are no trusted zones, devices, or users. Instead, ZTA treats everyone and everything as a potential threat.
By assuming your defenses have already been infiltrated, you can take a stronger security posture against potential threats, minimizing the impact if a breach does occur. Limit the “blast radius” — the extent and reach of potential damage incurred by a breach — by segmenting access and reducing your attack surface, verifying end-to-end encryption, and monitoring your network in real time.
Many attacks take advantage of over-privileged accounts because they are often monitored less and have broader permissions. Zero Trust follows the Principle of Least Privilege (PoLP) which is the practice of limiting access rights for any entity and only permitting the minimum privileges necessary to perform its function. In other words, PoLP prevents users, accounts, computing processes, etc., from having unnecessarily broad access across the network, which leaves your network vulnerable and creates a broader attack surface in case of a breach.
Zero Trust applies this principle to its network security approach, coupled with the principle of continuous verification, to grant access only after verification of multiple contextual variables at each request.
A report by the National Institute of Standards and Technology (NIST) outlines 7 tenets of Zero Trust that regulate user access and data management:
Zero Trust security can be applied in multiple ways depending on your architecture design and approach. To understand Zero Trust, we need to distinguish between common Zero Trust security models:
ZTNA, sometimes referred to as a “software-defined perimeter,” is the most common implementation of the Zero Trust model. Based on microsegmentation and network isolation, ZTNA replaces the need for a VPN and grants access to the network after verification and authentication.
As Gartner defines it, under a ZTNA model, “access is restricted via a trust broker to a set of named entities. The broker verifies the identity, context and policy adherence of the specified participants before allowing access and prohibits lateral movement elsewhere in the network.” This minimizes the attack surface, significantly reducing security risk.
The main difference between ZTNA and VPNs is that VPNs offer perimeter-based security that provides network-wide access; in contrast, ZTNA grants access only to specific resources after verification and authentication.
Compared with VPNs, ZTNA strengthens security around internal and external networks by reducing the attack surface and implementing more granular control. Additionally, ZTNA offers increased flexibility and scalability, improving resource utilization and reducing the strain on IT.
This makes ZTNA a great option for CISOs and IT leaders looking for a security solution that addresses the needs of an increasingly remote and distributed workforce.
ZTAA also operates on Zero Trust principles, but unlike ZTNA, it goes a step further to protect not just the network but applications, too. ZTAA assumes all networks are compromised and limits access to applications until after users and devices have been verified. This approach effectively blocks attackers that enter the network and protects the connected applications.
Zero Trust Access is the umbrella model that encompasses both ZTAA and ZTNA, providing end-to-end Zero Trust across your entire architecture—including all networks and applications. It provides identity-based security that considers not just who is on the network, but what is on the network—extending Zero Trust to the provider itself. This gives organizations unparalleled data privacy in a true Zero Trust environment.
However, the main challenge facing organizations interested in a pure Zero Trust structure is that a Zero Trust Access model requires overhauling your approach to networks and VPNs, which can be a significant undertaking in terms of both resources, investment, and buy-in.
There are several core pillars of Zero Trust security that form a defensive architecture designed to meet the needs of today’s complex network infrastructures. These pillars each represent a key focus area for categorizing and implementing a Zero Trust environment.
An identity is an attribute or set of attributes that uniquely describe a user or entity. Often referred to as workforce or user security, this pillar centers on the use of authentication and access control policies to identify and validate users attempting to connect to the network. Identity security relies on dynamic and contextual data analysis to ensure the right users are permitted access at the right time. Role-based access control (RBAC) and attribute-based access control (ABAC) will apply to policies within this pillar to authorize users.
Similar to identity security, endpoint (or device) security performs “systems of record” validation of devices — both user-controlled and autonomous devices, such as internet of things (IoT) devices — that are trying to connect to the enterprise network. This pillar focuses on monitoring and maintaining device health at every step. Organizations should inventory and secure all agency devices (including mobile phones, laptops, servers, and IoT devices) to prevent unauthorized devices from accessing the network.
Application and workload security include both on-premise and cloud-based services and systems. Securing and managing the application layer is key to successfully adopting a Zero Trust posture. Security wraps each workload and compute container to prevent data collection and unauthorized access across the network.
The data pillar focuses on securing and enforcing access to data. To do this, data is categorized and then isolated from everyone except users that need access. This process includes categorizing data based on mission criticality, determining where data should be stored, and developing a data management strategy accordingly as part of a robust Zero Trust approach.
Visibility into all the security processes and communication related to access control, segmentation, encryption, and other Zero Trust components provides crucial insights into user and system behaviors. Monitoring your network at this level improves threat detection and analysis while empowering you to make informed security decisions and adapt to ever-changing security landscapes.
Improve scalability, reduce human error, and increase efficiency and performance by automating manual security processes that apply policies consistently across the enterprise.
This pillar ensures systems and services in a workload are secured against unauthorized access and potential vulnerabilities.
The network pillar focuses on isolating sensitive resources from being accessed without authorization. This involves implementing microsegmentation techniques, defining network access, and encrypting end-to-end traffic to control network flows.
Implementing a Zero Trust-based network won’t happen overnight. Often, existing infrastructure can be integrated into a Zero Trust approach, but to reach maturity, most networks will need to adopt and incorporate additional capabilities and processes. Fortunately, transitioning to a mature Zero Trust architecture can occur one step at a time. And in fact, incrementally adopting a Zero Trust security posture can reduce risk as improved visibility enables the organization to adapt to meet threats as they emerge.
Follow a strategic plan to adopt Zero Trust as part of a continually maturing roadmap. From the initial planning to basic, intermediate, and advanced stages, your Zero Trust maturity model should help you improve cybersecurity protection, response, and operation over time.
Migrating to ZTA requires a thorough understanding of your network architecture’s current state, including all its assets (both physical and virtual), subjects, and business processes. If this information is incomplete, you will have blind spots in your network security—particularly if there are unknown “shadow IT” components operating within your ecosystem.
By conducting a comprehensive audit and analysis of your network’s current state, you can then map out what steps need to be taken to optimize the network for ideal ZTA.
The Cybersecurity and Infrastructure Security Agency (CISA) describes a Zero Trust Maturity Model enterprises can follow based on the key defensive pillars listed earlier:
Additionally, it lists Governance—or how you control and direct your security strategy—as another key part of a mature ZTA foundation.
CISA’s model represents a gradient of implementation across those key pillars “where minor advancements can be made over time toward optimization.” Organizations can take isolated steps focusing on one pillar at a time, with each category progressing at its own pace until cross-coordination is required. This model supports gradual evolution toward Zero Trust, distributing costs and resources over time, and easing the burden of implementation.
In May 2021 the Biden administration announced a new Executive Order on Improving the Nation’s Cybersecurity—and emphasized the need for adopting Zero Trust across public and private enterprises:
“To keep pace with today’s dynamic and increasingly sophisticated cyber threat environment, the Federal Government must take decisive steps to modernize its approach to cybersecurity, including by increasing the Federal Government’s visibility into threats, while protecting privacy and civil liberties. The Federal Government must adopt security best practices [and] advance toward Zero Trust Architecture…”
As part of the accelerated efforts towards Zero Trust security, CISA developed a Zero Trust Maturity Model to help agencies implement Zero Trust architectures. “The maturity model complements the Office of Management and Budget’s (OMB) Zero Trust Strategy, designed to provide agencies with a roadmap and resources to achieve an optimal Zero Trust environment.”
Of course, proclaiming an ambitious goal is just the first step towards transformation. But as the order goes on to state: “Incremental improvements will not give us the security we need; instead, the Federal Government needs to make bold changes and significant investments to defend the vital institutions that underpin the American way of life.”
This may leave some IT leaders wondering how to bridge the gap from where they are now to this modern, Zero Trust future. Significant technology and architecture changes can quickly disrupt business-as-usual and complicate daily operations. But standing still isn’t an option either. With increasingly broad attack surfaces, legacy perimeter-based security architectures are no longer going to cut it.
So what might an investment in Zero Trust actually look like?
Imagining an ideal, fully Zero Trust architecture can make the path to achieving it seem daunting (not to mention cost-prohibitive). But it doesn’t have to be. Ultimately, Zero Trust isn’t a technology but a security framework and philosophy, which means you can build it into your existing architecture without completely ripping out existing infrastructure.
The NIST has outlined six Zero Trust best practices for achieving Zero Trust maturity:
As you build up your Zero Trust architecture and gain confidence in the process, you’ll enter a steady operational phase. While you will continue to monitor and make adjustments to the network and assets, you can start planning the next phase of Zero Trust deployment.
Better.com is an online lender that provides a 100 percent digital home buying process that is faster, easier, and more transparent. As a financial tech company handling sensitive customer data, Better.com needs a robust network security approach. But prior to strongDM, they didn’t have a strong management system for database access.
Despite their highly digitized public-facing services, their backend management processes and governance operations were highly manual—creating burdensome overhead costs and increased risk of error. As a result, it often took up to a week to get access provisioned. This not only took team members away from higher-priority activities but also had a downstream impact on productivity in favor of security. And with 41 databases and five database management systems, this approach was unsustainable—they needed a solution that could help them implement Zero Trust across their systems while scaling and strengthening their data security posture.
That’s where strongDM came in. strongDM makes it easy to grant access and audit access control. Better.com was able to implement strongDM within a day and started seeing results immediately. In fact, within a week, Better.com saw an increase in user requests once users saw how easy it was to access databases.
And users can access the database from anywhere. “For Zero Trust, strongDM is an amazing tool—BYOD, within the company, outside [the company], wherever you need to go you can access the data in a secure way,” says Ali Khan, CISO at Better.com.
Key benefits included:
Access management is a key part of building a successful and robust Zero Trust security posture. But disparate systems and manual processes mean creating unique roles for every individual is a time-consuming and costly endeavor—and one that can leave your network vulnerable. strongDM makes it easy to transition to a Zero Trust security model by managing and auditing access to databases, servers, clusters, and web apps for you.
No credit card required.
