Zero-trust methodology
In this tutorial, we will look at the Zero Trust methodology and the principles behind it.
What is Zero-trust methodology?
Zero Trust assumes everything is on an open and untrusted network, even resources behind the firewalls of the corporate network. The Zero Trust model therefore operates on the principle of “trust no one, verify everything.”
Attackers’ ability to bypass conventional access controls is ending any illusion that traditional security strategies are sufficient. By no longer trusting the integrity of the corporate network, security is strengthened. In practice, this means a password is no longer assumed to be sufficient for validating a user; multi-factor authentication is added to provide additional checks. Further, instead of granting access to everything on the corporate network, users have access only to the specific applications or data that they need.
Zero Trust guiding principles
The Zero Trust model has three principles that guide and underpin the security implementation process:
- Firstly, Verify explicitly. This means always authenticate and authorize based on the available data points. This includes user identity, location, device, service or workload, data classification, and anomalies.
- Secondly, Least privilege access. Limit user access with just-in-time and just-enough access (JIT/JEA), risk-based adaptive policies, and data protection, to protect both data and productivity.
- Lastly, Assume breach. Segment access by network, user, devices, and application. Moreover, use encryption for protecting data, and use analytics to get visibility, detect threats, and improve your security.
Six foundational pillars
In the Zero Trust model, all elements work together to provide end-to-end security. These six elements are the foundational pillars of the Zero Trust model:
- Firstly, identities may be users, services, or devices. When an identity attempts to access a resource, it must perform verification with strong authentication, and follow least privilege access principles.
- Secondly, devices create a large attack surface as data flows from devices to on-premises workloads and the cloud. Monitoring devices for health and compliance is an important aspect of security.
- Thirdly, applications are the way that data is consumed. This includes discovering all applications in use, sometimes called Shadow IT. This pillar also includes managing permissions and access.
- Fourthly, data classification, labeling, and encryption should depend on the data's attributes. Security efforts are ultimately about protecting data, and ensuring it remains safe when it leaves the devices, applications, infrastructure, and networks that the organization controls.
- Fifthly, infrastructure, whether on-premises or cloud-based, represents a threat vector. To improve security, you assess for version, configuration, and JIT access, and use telemetry to detect attacks and anomalies. This allows you to automatically block or flag risky behavior and take protective actions.
- Lastly, there must be network segmentation, including deeper in-network micro-segmentation. Also, real-time threat protection, end-to-end encryption, monitoring, and analytics should be employed.
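The three guiding principles and the six pillars above describe a policy engine in words: every request is checked against identity, device, location, application, data classification and anomaly signals (verify explicitly), access is scoped to one entitled application and time-boxed (least privilege, JIT/JEA), and the tolerated risk shrinks as the data classification rises (assume breach). The following Python is an added illustration of such an evaluator, not code from the tutorial or from Microsoft; the entitlements, usual locations, risk weights and the 30-minute grant window are constructed sample values.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# --- Constructed sample policy data (hypothetical tenant, not from the tutorial) ---
ENTITLEMENTS = {"alice": {"wiki", "payroll"}, "bob": {"wiki"}}   # least privilege: apps each identity may use
USUAL_LOCATIONS = {"alice": {"US"}, "bob": {"DE"}}               # baseline used for anomaly scoring
MAX_RISK = {"public": 0.9, "internal": 0.6, "confidential": 0.3}  # assume breach: per-label risk tolerance
JIT_WINDOW = timedelta(minutes=30)                               # just-in-time grant lifetime
SAMPLE_NOW = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)     # fixed clock for reproducible runs


@dataclass(frozen=True)
class AccessRequest:
    user: str
    mfa_passed: bool          # identity pillar: strong authentication satisfied for this session?
    device_compliant: bool    # device pillar: health/compliance attestation from device management
    location: str             # country code reported for the session
    app: str                  # application pillar: the resource being requested
    data_label: str           # data pillar: classification of what the app exposes
    anomaly_score: float      # 0.0-1.0 from analytics (assume breach pillar)
    now: datetime


@dataclass(frozen=True)
class Grant:
    user: str
    app: str
    expires_at: datetime


@dataclass(frozen=True)
class Decision:
    outcome: str              # "allow" or "deny"
    reasons: tuple
    grant: Optional[Grant] = None


def make_request(**overrides) -> AccessRequest:
    """Build a request from healthy defaults; tests and the demo override single signals."""
    base = dict(user="alice", mfa_passed=True, device_compliant=True, location="US",
                app="payroll", data_label="confidential", anomaly_score=0.1, now=SAMPLE_NOW)
    base.update(overrides)
    return AccessRequest(**base)


def risk_score(req: AccessRequest) -> float:
    """Combine signals into one score; an unusual location and analytics anomalies both raise it."""
    score = 0.6 * req.anomaly_score
    if req.location not in USUAL_LOCATIONS.get(req.user, set()):
        score += 0.4
    return round(min(score, 1.0), 3)


def evaluate(req: AccessRequest) -> Decision:
    # Verify explicitly: every request is checked, whatever network it arrived from.
    if not req.mfa_passed:
        return Decision("deny", ("strong authentication (MFA) not satisfied",))
    if not req.device_compliant:
        return Decision("deny", ("device failed health/compliance check",))
    # Least privilege: only entitled apps, and only through a time-boxed JIT grant.
    if req.app not in ENTITLEMENTS.get(req.user, set()):
        return Decision("deny", (f"{req.user} is not entitled to {req.app}",))
    if req.data_label not in MAX_RISK:
        return Decision("deny", (f"unknown data label {req.data_label!r}",))
    # Assume breach: tolerate less risk as the data classification rises.
    risk = risk_score(req)
    limit = MAX_RISK[req.data_label]
    if risk > limit:
        return Decision("deny", (f"risk {risk} exceeds limit {limit} for {req.data_label} data",))
    grant = Grant(req.user, req.app, req.now + JIT_WINDOW)
    return Decision("allow", (f"all checks passed, risk {risk}; grant until {grant.expires_at.isoformat()}",), grant)


def grant_is_valid(grant: Grant, user: str, app: str, now: datetime) -> bool:
    """A grant is scoped to one user and one app and expires on its own (JIT/JEA)."""
    return grant.user == user and grant.app == app and now < grant.expires_at


if __name__ == "__main__":
    for label, req in [("baseline", make_request()),
                       ("new location, confidential", make_request(location="RU")),
                       ("new location, internal wiki", make_request(location="RU", app="wiki", data_label="internal")),
                       ("no MFA", make_request(mfa_passed=False)),
                       ("bob asks for payroll", make_request(user="bob", location="DE"))]:
        d = evaluate(req)
        print(f"{label:30} -> {d.outcome}: {d.reasons[0]}")
```

The point the example makes is that the same identity from the same compliant device gets different answers depending on the application and the data label behind it: a sign-in from an unusual country is still tolerated for internal wiki content but refused for confidential payroll data, and even an allowed request only yields a grant that is bound to one application and lapses after the JIT window.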
Reference: Microsoft Documentation