The key principles of Zero Trust security

When implementing ZTNA, you need to keep these three principles in mind:

Never trust, always verify

Verify every request every time based on all data points available before authorizing a user or asset. Don't trust anyone or anything implicitly.


The principle of least privilege

Use least privilege and just-in-time privilege elevation to ensure that your users and assets have just enough access to get their jobs done, and no more.


Assume breach

Assume your network is breached. Plan to limit the damage from external and insider attacks, and implement analytics and security solutions to detect and respond to threats.


How does ZTNA differ from traditional forms of security?

The traditional security approach

Traditional forms of security are referred to as perimeter-based security because they rely on firewalls, VPNs, and similar controls to create a perimeter around the network.

Some people also refer to this as the castle-and-moat approach. When everyone worked only from the office, this security may have seemed sufficient.

However, these security models don't sufficiently account for the risks introduced by the move towards cloud solutions and hybrid workplaces.

Additionally, credential-based attacks and malicious insiders can easily bypass firewalls and VPNs, and wreak havoc within a network.


The Zero Trust security approach

The Zero Trust approach to security seeks to solve this by focusing defenses on identities, assets, and resources instead of the network perimeter. The goal is to prevent unauthorized access to organizational resources, while making access control as granular as possible.


This is done by enforcing the following:

  • Explicit verification: Before granting access, each request is explicitly verified, irrespective of its origin point.
  • The principle of least privilege: Every user only receives the bare minimum level of access required to carry out their jobs.
  • Just-in-time privilege elevation: Users needing to access sensitive resources are given access in a just-in-time manner after additional verification.
  • Continuous monitoring: Users' activities are monitored continuously, allowing security teams to detect and act against suspicious behavior right away.
  • Security automation: Security responses are automated to ensure that action can be taken right away, before serious damage occurs.
  • Dynamic access: A user's access can be limited or rescinded based on the recommendation from the security and monitoring tools.

This ensures that even if adversaries get inside your network, they won't be able to do much damage. Zero Trust use cases aren't just limited to preventing and mitigating cyberattacks. This approach can also simplify access controls and network design, among other things.
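
The enforcement points listed above can be read as a single per-request policy decision. The sketch below is an added example, not code from this page or from any product it describes; the role map, resource names, risk threshold, and grant lifetime are all constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed policy: role -> resources it may reach (least privilege).
ROLE_ACCESS = {"engineer": {"wiki", "ci"}, "dba": {"wiki", "billing-db"}}
SENSITIVE = {"billing-db"}   # resources that need just-in-time elevation
RISK_LIMIT = 70              # hypothetical risk-score threshold (0-100)


@dataclass
class Session:
    user: str
    role: str
    mfa_ok: bool                 # result of explicit verification
    device_compliant: bool
    risk: int = 0                # updated by continuous monitoring
    grants: dict = field(default_factory=dict)   # resource -> expiry time


def elevate(s: Session, resource: str, now: int, ttl: int = 900) -> bool:
    """Just-in-time elevation: a time-boxed grant after fresh verification."""
    if s.mfa_ok and resource in ROLE_ACCESS.get(s.role, set()):
        s.grants[resource] = now + ttl
        return True
    return False


def authorize(s: Session, resource: str, now: int) -> tuple:
    """Decide each request from scratch; network origin is never an input."""
    if not (s.mfa_ok and s.device_compliant):
        return False, "verification failed"
    if s.risk >= RISK_LIMIT:
        s.grants.clear()         # dynamic access: rescind elevated grants
        return False, "risk too high"
    if resource not in ROLE_ACCESS.get(s.role, set()):
        return False, "not in role"
    if resource in SENSITIVE and s.grants.get(resource, 0) <= now:
        return False, "elevation required"
    return True, "allowed"


if __name__ == "__main__":
    dba = Session("ana", "dba", mfa_ok=True, device_compliant=True)
    print(authorize(dba, "billing-db", now=0))     # denied until elevated
    elevate(dba, "billing-db", now=0)
    print(authorize(dba, "billing-db", now=100))   # allowed inside the window
    dba.risk = 90                                  # monitoring raises risk
    print(authorize(dba, "wiki", now=200))         # access rescinded
```

Every denial path is the default: a request is allowed only after it passes verification, the risk check, the role check, and (for sensitive resources) an unexpired grant.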

Network structure and security: Illustrated

Zero Trust also simplifies network design by eliminating multiple layers and bringing the "perimeter" closer to the resources or assets being protected.

Figure: Network structure without Zero Trust (the castle-and-moat approach) and with Zero Trust
