{"id":21729,"date":"2025-03-19T17:22:57","date_gmt":"2025-03-19T11:52:57","guid":{"rendered":"https:\/\/networkinterview.com\/?p=21729"},"modified":"2025-03-19T17:22:57","modified_gmt":"2025-03-19T11:52:57","slug":"zero-trust-architecture","status":"publish","type":"post","link":"https:\/\/networkinterview.com\/zero-trust-architecture\/","title":{"rendered":"Zero Trust Architecture: Why It\u2019s Becoming a Security Standard"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">As organizations move away from the traditional IT landscape to cloud computing, cloud-based assets and remote working models, the traditional perimeter-based model of security is not sufficient to protect data and sensitive systems. The modern security model applies the principle of <em>\u2018trust no one\u2019<\/em> to the way an organization\u2019s assets are secured and used.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">This article covers the zero trust architecture approach, why it is needed, how zero trust security is achieved and its benefits.<\/span><\/p>\n<h2><b>What is Zero Trust Architecture (ZTA)<\/b><\/h2>\n<p><span style=\"font-weight: 400;\">The basic principle of zero trust architecture is <em>\u2018Never trust, always verify\u2019<\/em>, which focuses on stringent access controls and user authentication. It helps organizations improve their cyber defenses and reduce network complexity. 
The concept of pre-authorized user access no longer exists in zero trust architecture.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">With the spread of cloud computing and the disappearance of physical boundaries, the network complexity of enterprises has increased. Implementing <span style=\"color: #0000ff;\"><a style=\"color: #0000ff;\" href=\"https:\/\/www.geeksforgeeks.org\/7-layers-of-it-security\/\" target=\"_blank\" rel=\"noopener\">several layers of security<\/a><\/span> is tough to manage and maintain. Traditional perimeter-based security is no longer adequate. Zero trust architecture helps organizations build policy-based access, which is meant to prevent lateral movement across networks through more stringent access controls. User policies can be defined based on location, device and role requirements.<\/span><\/p>\n<h2><b>How Zero Trust works<\/b><\/h2>\n<p><span style=\"font-weight: 400;\">Zero trust works through a combination of encryption, access control, next-generation endpoint security, identity protection and the advantages of cloud workloads. 
The following principles are the basis of the NIST zero trust architecture:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Access to resources is governed by organizational policy, which considers several factors such as the user, the <span style=\"color: #0000ff;\"><a style=\"color: #0000ff;\" href=\"https:\/\/networkinterview.com\/mac-address-vs-ip-address-know-the-difference\/\" target=\"_blank\" rel=\"noopener\">IP address<\/a><\/span> of the user, the operating system and the location.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Access to the corporate network or its resources requires secure authentication for every individual request.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">User or device authentication does not automatically grant access to resources.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">All communication is encrypted and authenticated.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Servers, endpoints and mobile devices, which together are considered corporate resources, are secured with zero trust principles.<\/span><\/li>\n<\/ul>\n<h2><b>How to implement Zero Trust Architecture?<\/b><\/h2>\n<p><span style=\"font-weight: 400;\">The first step is to define the attack surface, which means identifying the areas you need to protect. Based on this, you deploy policies and tools across the network. 
The focus should be on protecting your digital assets.<\/span><\/p>\n<h3><b>Define Attack Surface<\/b><\/h3>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Sensitive data \u2013<\/b><span style=\"font-weight: 400;\"> the kinds of sensitive data the organization collects and stores, such as the personal information of employees and customers<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Critical applications \u2013<\/b><span style=\"font-weight: 400;\"> used by the business to run its operations or meant for customers<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Physical assets \u2013 <\/b><span style=\"font-weight: 400;\">IoT devices, POS devices and any other equipment<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Corporate services \u2013<\/b><span style=\"font-weight: 400;\"> all internal infrastructure that supports day-to-day operations<\/span><\/li>\n<\/ul>\n<h3><b>Implement controls around network traffic<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Consider how requests are routed within the network, for example access to a corporate database that could be critical to the business, so as to ensure that access is secure. 
Understanding the network architecture helps in implementing network controls relevant to their placement.<\/span><\/p>\n<h3><b>Create a Zero-Trust Policy<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Use the <span style=\"color: #0000ff;\"><a style=\"color: #0000ff;\" href=\"https:\/\/www.linkedin.com\/pulse\/kipling-method-asking-questions-alec-gardner-p5gac\/\" target=\"_blank\" rel=\"noopener\">Kipling method<\/a><\/span> here to define the zero-trust policy: who, what, when, where, why and how need to be well thought out for every device and user.<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Architect a zero-trust network.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Use a firewall to implement segmentation within the network.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Use multi-factor authentication to secure users.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Eliminate implicit trust.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Consider all components of the organization\u2019s infrastructure in the scope of the zero-trust implementation, such as workstations, servers, mobile devices, IoT devices, supply chain, cloud etc.<\/span><\/li>\n<\/ul>\n<h3><b>Monitor the Network<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Once a network is secured using zero trust architecture, it is important to monitor it.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Reports, analytics and logs are the three major components of monitoring. Reports are used to analyze data related to systems and users and can indicate anomalous behaviour. Data collected by systems can be used to gain insight into the behaviour and performance of users. 
Logs produced by the different devices in your network provide a record of all kinds of activities. These can be analyzed using a SIEM tool to detect anomalies and patterns.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>As organizations move away from the traditional IT landscape to cloud computing, cloud-based assets and remote working models, the traditional perimeter-based model of security is not sufficient to protect data and sensitive systems. 
The modern &hellip; <\/p>\n","protected":false},"author":146,"featured_media":21732,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1,79],"tags":[6607],"class_list":["post-21729","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-techblog","category-security","tag-security"],"_links":{"self":[{"href":"https:\/\/networkinterview.com\/wp-json\/wp\/v2\/posts\/21729","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/networkinterview.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/networkinterview.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/networkinterview.com\/wp-json\/wp\/v2\/users\/146"}],"replies":[{"embeddable":true,"href":"https:\/\/networkinterview.com\/wp-json\/wp\/v2\/comments?post=21729"}],"version-history":[{"count":0,"href":"https:\/\/networkinterview.com\/wp-json\/wp\/v2\/posts\/21729\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/networkinterview.com\/wp-json\/wp\/v2\/media\/21732"}],"wp:attachment":[{"href":"https:\/\/networkinterview.com\/wp-json\/wp\/v2\/media?parent=21729"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/networkinterview.com\/wp-json\/wp\/v2\/categories?post=21729"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/networkinterview.com\/wp-json\/wp\/v2\/tags?post=21729"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}