Zero Trust Security is a holistic approach to designing security architecture.
It is based on the fundamental concept of "never trust, always verify", applied to anyone or anything operating within or outside the security boundary.
It is designed to protect all computer assets, applications and data, irrespective of where they are or where the user is accessing them from.
It is not a product, but a set of design principles which cannot be implemented using a single product.
Components of Zero Trust
Zero Trust Workloads
Zero Trust Data
Zero Trust Network
Zero Trust People
Automation & Orchestration
Zero Trust Devices
Visibility & Analytics
Zero Trust Network
Implement micro-segmentation, IPsec, Authenticated Internet Protocol (AuthIP), private VLANs and wireless network station isolation to stop lateral movement of malicious code in your network.
Zero Trust People
People accessing the organization's resources are untrusted by default. Their identity must be checked and verified periodically.
Zero Trust Data
Data should remain safe in storage, transit or in use even if it leaves the local devices, apps, infrastructure, and networks the organization controls.
Data should be classified, labelled, and encrypted, and access restricted based on the attributes.
Zero Trust Devices
Devices must be checked and verified to be authorized to access the network.
The integrity of every device must be checked at startup and during operation.
Zero Trust Workloads
Identify all workloads that relate to the cloud assets intended for protection.
Define internal segmentation based on "least privilege" and configure an access control policy to enforce this segmentation.
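The people, data, device and workload checks described above, combined into one default-deny access decision. This is an added example, not part of the original slides; the eight-hour re-verification period, the label names, and the segment names and ports are assumptions chosen for illustration.

```python
from dataclasses import dataclass, replace
from datetime import datetime, timedelta, timezone

MAX_IDENTITY_AGE = timedelta(hours=8)  # assumed re-verification period
LABEL_RANK = {"public": 0, "internal": 1, "confidential": 2}  # assumed labels
# Assumed segmentation policy (source segment, destination segment, port).
# Any flow that is not listed is denied.
ALLOWED_FLOWS = {("web", "app", 8443), ("app", "db", 5432)}

@dataclass(frozen=True)
class Request:
    identity_verified_at: datetime
    user_clearance: str
    device_authorized: bool
    device_integrity_ok: bool
    flow: tuple  # (source segment, destination segment, port)
    data_label: str

def decide(req, now):
    """Return (allowed, reason). Every check must pass; the default is deny."""
    if now - req.identity_verified_at > MAX_IDENTITY_AGE:
        return False, "identity verification expired"
    if not (req.device_authorized and req.device_integrity_ok):
        return False, "device not authorized or failed integrity check"
    if req.flow not in ALLOWED_FLOWS:
        return False, "flow not in segmentation policy"
    if req.data_label not in LABEL_RANK or req.user_clearance not in LABEL_RANK:
        return False, "unknown data label or clearance"
    if LABEL_RANK[req.user_clearance] < LABEL_RANK[req.data_label]:
        return False, "clearance below data label"
    return True, "all checks passed"

# Constructed sample requests: one baseline plus single-attribute variations.
NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
GOOD = Request(NOW - timedelta(hours=1), "confidential", True, True,
               ("app", "db", 5432), "internal")
SAMPLES = {
    "baseline": GOOD,
    "stale identity": replace(GOOD, identity_verified_at=NOW - timedelta(hours=9)),
    "tampered device": replace(GOOD, device_integrity_ok=False),
    "lateral move web->db": replace(GOOD, flow=("web", "db", 5432)),
    "low clearance": replace(GOOD, user_clearance="public"),
    "unlabelled data": replace(GOOD, data_label=""),
}

def sample_decisions():
    """Evaluate every sample and return {name: (allowed, reason)} for logging."""
    return {name: decide(req, NOW) for name, req in SAMPLES.items()}

if __name__ == "__main__":
    for name, (allowed, reason) in sample_decisions().items():
        print("ALLOW" if allowed else "DENY", name, "-", reason)
```

Only the baseline request is allowed; each variation fails exactly one check, and the returned reason is what would be written to the access log.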
Visibility & Analytics
All network traffic should be inspected and logged.
Deploy a network analysis and visibility (NAV) tool to gain visibility. Know who is accessing your network and how they behave.
Implement measures to know what cloud apps are being used.
Automation & Orchestration
Cloud orchestration is the coordination of the different systems' automations across services and clouds. It connects various automated tasks into a cohesive workflow that helps the enterprise achieve its goals.
Implementing Zero Trust
Focus on resources (Assets, services, workflow, network accounts)