Your Top Five Zero Trust Architecture Questions (ZTA)

If you’re concerned about Zero Trust Architecture adoption, you’re not alone. It’s slowly becoming a necessity as cyber threats advance and more companies do their business online. Zero Trust isn’t a new concept. “Zero Trust” was first published in a Forrester Research paper entitled “No More Chewy Centers: Introducing the Zero Trust Model for Information Security”, 2010. [1]
The concept starts from the traditional perimeter-edge model, in which a firewall (the hard, crunchy outer shell) is the primary protector of the network. This research, called The Kill Chain, revealed that the majority of cyber-attack methods are not deterred by traditional perimeter controls such as firewalls.

1) What is Zero Trust?
The basic definition of zero trust is:
A Zero Trust system, an integrated security platform, uses contextual information from identity and security, IT Infrastructure, risk and analytics tools to enable the dynamic enforcement and uniform enforcement of security policies across the enterprise. Zero Trust transforms security from a perimeter-centric model to one that is resource-centric and identity-centric. Organizations can adapt access controls to changing environments, which results in improved security, reduced risk, simplified operations, and greater business agility. [2]
Zero Trust (ZT) provides a collection of concepts and ideas designed to minimize uncertainty in enforcing accurate, least privilege per-request access decisions in information systems and services in the face of a network viewed as compromised. Zero Trust Architecture (ZTA) is an enterprise’s cybersecurity plan that utilizes zero trust concepts and encompasses component relationships, workflow planning, and access policies. A Zero Trust enterprise is the network infrastructure (physical and virtual) and operational policies that are in place for an enterprise as a product of a Zero Trust Architecture plan. [3]
Zero Trust Architecture should ultimately be a business decision driven by long-term goals such as:
- Ease in management
- Adaptive security controls
- Compliance with stakeholder obligations
- Overall risk mitigation, risk management
The decision for a ZTA transition requires full commitment. It will be a lengthy and difficult process to fully implement. A complete architecture overhaul can be costly. Despite this, it can reduce your organization’s cyber risk and be adaptive. True ZTA should not be performed in one-time phases. It should be performed over time with measurable tactical wins.

2) What are the Core Principles of Zero Trust?
If you are adopting a Zero Trust Architecture, these are the core principles that will ensure a successful deployment.
1. Ensure all Resources are Securely Accessible, Regardless of Location
All resources must be included within the scope of the Zero Trust solution.
This requires the dissolution and replacement of the traditional perimeter with an alternative security strategy.
2. Adopt a Strategy of Least Privilege and Strictly Enforce Access Control
A Least Privilege Strategy is exactly as it sounds. You grant resource access rights to the fewest number of accounts, users, and computing processes.
Zero Trust, when properly implemented, allows for effective enforcement of Least Privilege. ZTA, through Least Privilege, provides the ability to bridge network security and application security.
3. Inspect and Log All Traffic
This is facilitated in ZTA by using a distributed set of network enforcement points. The additional segmentation required by ZTA enriches the collected logs with context and metadata.

3) What strategic considerations are necessary for ZTA adoption?
Here are some strategic considerations if you are ready to go all-in or are making buying decisions that will impact the future of your company.
Review Interoperability and Integration Capabilities
All new and replacement components should be able to communicate with the ZTA security policy enforcement model and integrate with it.
Review the APIs of the solutions and determine:
- If the solution access control is merged into the overall ZTA model
- If the solution implementation has created any new gaps in the ZT model
Invest in Automation
Automation is essential; otherwise ZTA may become cumbersome and fail. Automate actions across systems and environments, driven by context and events.
The automation mapping should establish a logical channel consisting of a central Policy Decision Point (also known as the Control Plane), connected with a distributed set of Policy Enforcement Points (PEPs) on the data plane.
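The sketch below is an added example, not code from the original article or from any product. It models the channel described above: one central Policy Decision Point answers per-request, default-deny questions from several Policy Enforcement Points, and each PEP logs every decision with context. The role names, resource name, device-posture flag, and reason strings are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    subject: str            # authenticated identity
    role: str
    device_compliant: bool  # posture signal from endpoint tooling (assumed input)
    resource: str
    action: str
    source_net: str         # recorded for the log, never used to grant access

# Constructed least-privilege policy: (role, resource) -> allowed actions.
POLICY = {
    ("payroll-clerk", "payroll-db"): {"read"},
    ("payroll-admin", "payroll-db"): {"read", "write"},
}

class PolicyDecisionPoint:
    """Central control-plane component: one policy, evaluated per request."""
    def decide(self, req: Request) -> tuple[bool, str]:
        allowed = POLICY.get((req.role, req.resource))
        if allowed is None:
            return False, "no-grant-for-role"        # default deny
        if req.action not in allowed:
            return False, "action-exceeds-grant"
        if not req.device_compliant:
            return False, "device-not-compliant"     # context overrides a valid grant
        return True, "granted"

class PolicyEnforcementPoint:
    """Data-plane component placed in front of a resource segment."""
    def __init__(self, name: str, pdp: PolicyDecisionPoint, log: list):
        self.name, self.pdp, self.log = name, pdp, log

    def handle(self, req: Request) -> bool:
        ok, reason = self.pdp.decide(req)
        # Log every request, allowed or denied, enriched with enforcement context.
        self.log.append({"pep": self.name, "subject": req.subject, "role": req.role,
                         "resource": req.resource, "action": req.action,
                         "source_net": req.source_net, "allow": ok, "reason": reason})
        return ok

def demo() -> list:
    log, pdp = [], PolicyDecisionPoint()
    hq, cloud = (PolicyEnforcementPoint(n, pdp, log) for n in ("pep-hq", "pep-cloud"))
    hq.handle(Request("alice", "payroll-clerk", True, "payroll-db", "read", "internal"))
    hq.handle(Request("alice", "payroll-clerk", True, "payroll-db", "write", "internal"))
    cloud.handle(Request("bob", "payroll-admin", False, "payroll-db", "write", "remote"))
    cloud.handle(Request("bob", "payroll-admin", True, "payroll-db", "write", "remote"))
    return log
```

Because both PEPs call the same PDP, a policy change takes effect at every enforcement point at once, and the second request shows that being on the internal network grants nothing beyond the role's explicit permissions.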
Continuous Risk Management
ZTA adoption has the primary goal of minimizing cyber risk.
All data sources and computing services can be considered resources. Each resource can