Codete Blog

Zero Trust Architecture: Principles and Benefits


16/03/2022


Adrian Marszałek

In previous articles, I introduced you to cyber threats and the value that a trusted information security professional can bring to your organization. This time, let's take a closer look at Zero Trust Architecture, a proven method for increasing information security.

 

Table of contents:

  1. What’s Zero Trust Architecture (ZTA)?
  2. How ZTA can be implemented in your organization
  3. Zero Trust Architecture – summary

What’s Zero Trust Architecture (ZTA)?

Zero Trust Architecture is one of the approaches an organization might take to maximize information security and mitigate potential cyber threats. As the name suggests, it is a guideline relying on a simple principle: no device or user can be permanently trusted. Therefore, each part of the architecture needs to be constantly monitored and authenticated to ensure the highest level of security.

ZTA is built around a few key assumptions:

  • Risk needs to be analyzed and assessed continuously.
  • Expected breach risk is always high – treat every action performed within a network as a potential risk of compromising assets.
  • Access to resources by users/services should be kept to a minimum, and authentication should be required at all times.
  • Internal networks and company-owned devices are no more secure than external devices.
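The four assumptions above, expressed as a per-request access decision (an added example, not code from the article or from NIST SP 800-207). The grants, signal weights, thresholds and all names are hypothetical values chosen for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional
import time

# Hypothetical least-privilege grants: (subject, resource) -> allowed actions.
GRANTS = {
    ("alice", "payroll-db"): {"read"},
    ("ci-bot", "artifact-store"): {"read", "write"},
}
MAX_AUTH_AGE_S = 900  # assumed: authentication older than 15 minutes is stale
RISK_THRESHOLD = 50   # assumed: deny once the risk score reaches this value
SIGNAL_WEIGHTS = {"new_device": 20, "impossible_travel": 60, "off_hours": 10}

@dataclass
class Request:
    subject: str
    resource: str
    action: str
    auth_time: Optional[float]  # epoch seconds of the last successful authentication
    device_compliant: bool
    source_net: str             # "internal" or "external"; logged, never trusted
    signals: set = field(default_factory=set)

def risk_score(req):
    """Risk is recomputed on every request from the current signals."""
    score = sum(SIGNAL_WEIGHTS.get(s, 0) for s in req.signals)
    if not req.device_compliant:
        score += 40
    return score

def decide(req, now=None):
    """Return (decision, reason). source_net is deliberately never consulted."""
    now = time.time() if now is None else now
    if req.auth_time is None or now - req.auth_time > MAX_AUTH_AGE_S:
        return ("deny", "authentication missing or stale")
    if req.action not in GRANTS.get((req.subject, req.resource), set()):
        return ("deny", "no least-privilege grant")
    score = risk_score(req)
    if score >= RISK_THRESHOLD:
        return ("deny", f"risk score {score}")
    return ("allow", f"risk score {score}")
```

Because `decide` never reads `source_net`, an otherwise identical request gets the same answer from the office LAN as from the internet.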

How ZTA can be implemented in your organization

Note: NIST SP 800-207 is the original comprehensive special publication issued by the American National Institute of Standards and Technology. The following sections summarize the publication's main points.

It takes time to implement ZTA in its entirety. The guidelines are simple in theory but require substantial knowledge and experience in creating, implementing, and enforcing information security policies, as well as additional resources to promote, train, and maintain the organizational changes made when introducing the ZTA to your company. Yes, this will initially make life more difficult for your employees and partners, but it will ultimately help your corporate ecosystem protect any value you retain in your network.

There are two general approaches to implementing ZTA in your organization: 

  • The first one – building from the ground up – means setting up the whole infrastructure from scratch based on ZTA principles.
  • The second way is to migrate your existing policies and infrastructure to a ZTA. Nonetheless, it must be done process-by-process to allow for extended coexistence of ZTA and non-ZTA infrastructures.

As the latter approach is most likely to occur in any already existing and operating company, further paragraphs will focus on this particular model of introducing ZTA.

Know your infrastructure to the bones

ZTA implementation success is highly dependent on comprehensive data collection. It cannot be overstated how critical that stage is. You should conduct a comprehensive inventory of your system, users, and business processes. Only when there are no remaining unknown or inadequately described assets, process steps, or users can the ZTA be scheduled for implementation.

To help you with that assessment, here are a few points I've laid out for you:

  1. Identify all of your users (employees – regular and super-privileged, contractors, external suppliers, test accounts, automation accounts, and some service accounts that interact with any of the resources).
  2. Identify all of your network-capable devices (PCs and laptops, smartphones, tablets, printers, CCTV, video conference equipment, TVs, switches, routers, access points, VoIP telephones, wallboards), as well as any devices brought into your premises and connected to any of your networks (such as employees' devices or even charging cables connected to a PC's USB port).
  3. Identify all of your critical processes and assess the risks associated with putting them into action. Any business processes that use cloud computing or are performed by a remote team are excellent candidates for ZTA implementation in your enterprise.

The chosen one

After you've completed an in-depth inventory of your assets, it's time to select one service or business workflow (the so-called "candidate") for the ZTA transformation. Optimally, the candidate should be of moderate to high importance and high risk. Nonetheless, it's prudent to begin with candidates whose transformation will have a limited impact on the entire organization.

Now that your candidate is chosen, identify all upstream (such as ID management, systems, databases, microservices) and downstream resources (logging, security monitoring) and entities that interact with the candidate's workflow.

There is a solution

We've completed our research, and now it's time to find the optimal solution for our candidate while adhering to the fundamental ZTA principles. Your selection should consider environmental factors such as the source of your organization's policy rules (i.e., external regulators) and the components used in your case (Policy Engine, Policy Administrator, Policy Enforcement Point). Based on that, a new policy should be developed. Whether you want your updated policy to be tested in a pilot program or to function as a replacement for the preceding policy is entirely up to you. Regardless, it's time to take a new step.

Initial deployment and monitoring

After selecting your components and candidate, you can begin the initial deployment. At this point, your administrators will implement and monitor the new policy. As a result, they'll be able to verify that all preceding steps were carried out fully, so that the policy functions properly. This enables you to recognize patterns of expected behavior and, ultimately, aids in the isolation of any anomalous activity.

Roll-out

Once the pilot policy has been refined and is operating steadily, it is time to expand the ZTA to other processes and services using the same logic.
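The monitoring done during the pilot, before roll-out, can be sketched as follows: build a baseline of expected behavior from the pilot's access-decision log, then flag later activity that departs from it. This is an added example, not the article's code; the log format, field names and sample lines are constructed, and matching on the exact hour of day is a deliberately crude assumption.

```python
import re
from collections import defaultdict

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T(?P<hour>\d{2}):\d{2}:\d{2}Z) "
    r"subject=(?P<subject>\S+) resource=(?P<resource>\S+) "
    r"action=(?P<action>\S+) decision=(?P<decision>allow|deny)$"
)

def parse(line):
    m = LINE_RE.match(line.strip())
    if m is None:
        raise ValueError(f"unparseable log line: {line!r}")
    return m.groupdict()

def build_baseline(lines):
    """Map each allowed (subject, resource, action) to the hours it was seen."""
    baseline = defaultdict(set)
    for ev in map(parse, lines):
        if ev["decision"] == "allow":
            key = (ev["subject"], ev["resource"], ev["action"])
            baseline[key].add(int(ev["hour"]))
    return dict(baseline)

def anomalies(baseline, lines):
    """Return (timestamp, reason) for every event outside the baseline."""
    found = []
    for ev in map(parse, lines):
        key = (ev["subject"], ev["resource"], ev["action"])
        if ev["decision"] == "deny":
            found.append((ev["ts"], "denied by policy"))
        elif key not in baseline:
            found.append((ev["ts"], "access pattern not seen in pilot"))
        elif int(ev["hour"]) not in baseline[key]:
            found.append((ev["ts"], "known pattern at unusual hour"))
    return found

PILOT = [  # constructed sample: decisions logged during the pilot
    "2022-03-01T09:12:00Z subject=alice resource=payroll-db action=read decision=allow",
    "2022-03-02T09:40:00Z subject=alice resource=payroll-db action=read decision=allow",
    "2022-03-02T10:05:00Z subject=ci-bot resource=artifact-store action=write decision=allow",
]
LIVE = [  # constructed sample: decisions logged after the pilot
    "2022-03-08T09:15:00Z subject=alice resource=payroll-db action=read decision=allow",
    "2022-03-08T03:02:00Z subject=alice resource=payroll-db action=read decision=allow",
    "2022-03-08T10:07:00Z subject=ci-bot resource=payroll-db action=read decision=allow",
    "2022-03-08T10:09:00Z subject=bob resource=payroll-db action=write decision=deny",
]
```

An allowed request can still be anomalous: the third `LIVE` line passed policy but matches nothing seen in the pilot, which points either to a grant that is too broad or to a workflow the inventory missed.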

Zero Trust Architecture – summary

As you can see, the ZTA principles are quite simple to grasp and are applicable to a wide variety of industries. Yet, the architecture’s implementation may be time-consuming and labor-intensive. Nonetheless, by applying these principles, you will significantly strengthen your enterprise's cybersecurity posture and increase your chances of preventing malicious attacks on your company's infrastructure.


Adrian Marszałek

Cybersecurity geek specializing in offensive cybersecurity (penetration testing) as well as physical penetration testing (controlled non-destructive break-ins into premises). In spare time amateur wildlife photographer.
