What is the Zero Trust security model?

Zero Trust security model

Zero Trust is an approach to the design and implementation of IT systems based on the principle of “never trust, always verify” applied to every device and every request. In this security model, inherent trust in the network is removed: it makes no difference whether a device sits inside a corporate LAN or whether it has already been verified before. Every request-response communication must be authenticated, authorized and encrypted. The Zero Trust model is also known as “Perimeterless Security”.

Zero Trust or Perimeterless Security model

The Zero Trust security model aims to remove the outdated assumption that everything inside an organization’s network should be trusted. As opposed to the traditional security model, which assumes all users act responsibly and can be trusted, Zero Trust is based on the premise that trust is a vulnerability. By eliminating the concept of trust from the network architecture, this approach helps prevent data breaches.

The term “Zero Trust” was coined by Stephen Paul Marsh in April 1994 in his doctoral thesis on computational security at the University of Stirling (UK). He defined Zero Trust as a concept that goes beyond distrust. It is worth mentioning, however, that Zero Trust was popularized by John Kindervag while he was vice president and principal analyst at Forrester Research.

Never trust, always verify

IT teams must always verify requests based on an access policy. The trustworthiness of a request is established based on different aspects:

  • Device health
  • User identity and behaviour
  • The value of the data which is being accessed
  • The impact of the action which is being requested

In a Zero Trust Architecture (ZTA), as in any other security approach, all implemented measures should be assessed periodically and adjusted to new best practices. The trustworthiness of all connections and endpoints should be continuously re-evaluated, because a Zero Trust Architecture establishes trust per request rather than per network. This applies to all devices, whether they are already connected within a corporate LAN or have been verified before.

Moreover, the fact that a user is connected to a network does not mean that they should be able to access everything within it. That is why each access request, whether to data or to a service, should be verified, authenticated and authorised against an access policy. All connections that do not satisfy the organization’s policies are dropped. Zero Trust goes beyond other security measures such as VPNs or SSH.
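The following is an added example, not code from the original article or from Stackscale: a minimal per-request policy decision point that evaluates each access request against the four signals listed above (device health, user identity and behaviour, value of the data, impact of the action). The network the request comes from is carried in the request but deliberately ignored, and the default decision is deny. All class names, roles, thresholds and sample users and devices are constructed for illustration.

```python
"""Added example: a per-request Zero Trust policy decision point.
Every request is evaluated afresh; nothing is trusted because of
network location or because an earlier request was allowed.
All names, thresholds and sample data here are constructed."""
from dataclasses import dataclass, field
from enum import IntEnum


class Sensitivity(IntEnum):      # value of the data being accessed
    PUBLIC = 1
    INTERNAL = 2
    CONFIDENTIAL = 3
    RESTRICTED = 4


class Impact(IntEnum):           # impact of the requested action
    READ = 1
    WRITE = 2
    DELETE = 3
    ADMIN = 4


@dataclass
class Device:
    device_id: str
    managed: bool                # enrolled in device management
    disk_encrypted: bool
    patch_age_days: int          # days since last security update
    edr_healthy: bool            # endpoint agent reporting, no open alerts


@dataclass
class User:
    user_id: str
    authenticated: bool
    mfa_verified: bool
    roles: frozenset = field(default_factory=frozenset)
    risk_score: int = 0          # behaviour signal, 0 (normal) .. 100


@dataclass
class Request:
    user: User
    device: Device
    resource: str
    sensitivity: Sensitivity
    action: Impact
    source_network: str          # "corporate_lan", "internet", ...: NOT used in decisions


# Constructed role policy: highest data class and highest action each role may use.
POLICY = {
    "employee": (Sensitivity.INTERNAL, Impact.WRITE),
    "finance": (Sensitivity.CONFIDENTIAL, Impact.WRITE),
    "admin": (Sensitivity.RESTRICTED, Impact.ADMIN),
}


def device_health(dev: Device) -> bool:
    """A device is healthy only if every posture check passes."""
    return dev.managed and dev.disk_encrypted and dev.edr_healthy and dev.patch_age_days <= 30


def decide(req: Request) -> tuple:
    """Return (allowed, reason). Default deny: every check must pass."""
    u, d = req.user, req.device
    if not u.authenticated:                      # identity, re-checked every time
        return False, "unauthenticated"
    if (req.sensitivity > Sensitivity.INTERNAL or req.action > Impact.READ) and not u.mfa_verified:
        return False, "mfa required"             # step-up for valuable data / risky actions
    if u.risk_score >= 70:                       # anomalous behaviour
        return False, "user risk too high"
    if u.risk_score >= 40 and req.action >= Impact.DELETE:
        return False, "elevated risk: destructive action blocked"
    if not device_health(d) and (req.sensitivity > Sensitivity.PUBLIC or req.action > Impact.READ):
        return False, f"device {d.device_id} fails posture check"
    for role in u.roles:                         # least privilege from the role policy
        max_sens, max_impact = POLICY.get(role, (Sensitivity.PUBLIC, Impact.READ))
        if req.sensitivity <= max_sens and req.action <= max_impact:
            return True, f"allowed by role {role}"
    return False, "no role grants this access"


# Constructed sample data.
HEALTHY = Device("laptop-1", True, True, 3, True)
STALE = Device("laptop-2", True, True, 90, True)      # unpatched for 90 days
FINANCE = User("alice", True, True, frozenset({"finance"}))
EMPLOYEE = User("bob", True, False, frozenset({"employee"}))


def run_demo() -> dict:
    """Evaluate a few constructed requests and return the decisions."""
    return {
        "finance_write_from_internet": decide(Request(FINANCE, HEALTHY, "ledger", Sensitivity.CONFIDENTIAL, Impact.WRITE, "internet")),
        "finance_read_on_lan_stale_device": decide(Request(FINANCE, STALE, "ledger", Sensitivity.CONFIDENTIAL, Impact.READ, "corporate_lan")),
        "employee_read_internal_no_mfa": decide(Request(EMPLOYEE, HEALTHY, "wiki", Sensitivity.INTERNAL, Impact.READ, "corporate_lan")),
        "employee_read_restricted": decide(Request(User("bob", True, True, frozenset({"employee"})), HEALTHY, "hr", Sensitivity.RESTRICTED, Impact.READ, "corporate_lan")),
    }


if __name__ == "__main__":
    for name, (allowed, reason) in run_demo().items():
        print(f"{name}: {'ALLOW' if allowed else 'DENY'} ({reason})")
```

Note that the request from the internet is allowed while the request from the corporate LAN is denied: location plays no part, only the posture of the device and the identity, behaviour and entitlements of the user.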

Security regardless of the location

Zero Trust is highly recommended for organizations relying on cloud solutions and working from different locations, simply because users can access critical data and applications from anywhere. That is why defining a Zero Trust perimeter is useful to secure data, applications and workloads regardless of location. The growing adoption of mobile and cloud services is in fact boosting the implementation of the Zero Trust network architecture approach.

Advantages of the Zero Trust approach

The Zero Trust security approach has many advantages if adopted correctly. For instance:

  • Zero Trust makes it harder for cyber attackers to compromise the organization’s data. Even if an attacker breaks through the first barrier and reaches the private network, they will not be able to compromise all data, because additional barriers stand in the way.
  • It also ensures data, resources and applications are inaccessible by default. By creating a perimeter around their critical and most valuable data and assets, organisations prevent access by unauthorized users. Each user can only access the data, resources and applications they have been explicitly granted access to.
  • It enables detecting vulnerabilities faster and managing them proactively. Zero Trust improves verification processes, monitors users and compartmentalizes data to make access to the company’s information harder for unauthorized users. This also allows IT security teams to enforce security policies consistently.
  • It enhances network performance by reducing traffic on subnets.
