What Is a Zero Trust Architecture?
Zero Trust has become one of cybersecurity’s most used buzzwords. It’s imperative to understand what Zero Trust is, as well as what Zero Trust isn’t.
Zero Trust is a strategic approach to cybersecurity that secures an organization by eliminating implicit trust and continuously validating every stage of a digital interaction. Rooted in the principle of “never trust, always verify,” Zero Trust is designed to protect modern environments and enable digital transformation by using strong authentication methods, leveraging network segmentation, preventing lateral movement, providing Layer 7 threat prevention, and simplifying granular, “least access” policies.
Zero Trust was created based on the realization that traditional security models operate on the outdated assumption that everything inside an organization’s network should be implicitly trusted. This implicit trust means that once on the network, users – including threat actors and malicious insiders – are free to move laterally and access or exfiltrate sensitive data due to a lack of granular security controls.
With digital transformation accelerating in the form of a growing hybrid workforce, continued migration to the cloud, and the transformation of security operations, taking a Zero Trust approach has never been more critical. If done correctly, a Zero Trust architecture results not only in higher overall levels of security, but also in reduced security complexity and operational overhead.
Step 0: Visibility and Critical Asset Identification
In Zero Trust, one of the first steps is the identification of the network’s most critical and valuable data, assets, applications and services. This helps prioritize where to start and also enables the creation of Zero Trust security policies. By identifying the most critical assets, organizations can focus efforts on prioritizing and protecting those assets as part of their Zero Trust journey.
The next step is understanding who the users are, which applications they are using, and how they are connecting, in order to determine and enforce policy that ensures secure access to your critical assets.
Building The Zero Trust Enterprise
Although Zero Trust is typically associated with securing users or use cases such as Zero Trust Network Access (ZTNA), a comprehensive Zero Trust approach encompasses Users, Applications and Infrastructure.
Users - step one of any Zero Trust effort requires strong authentication of user identity, application of “least access” policies, and verification of user device integrity.
Applications - applying Zero Trust to applications removes implicit trust between the various components of an application when they talk to each other. A fundamental concept of Zero Trust is that applications cannot be trusted and continuous monitoring at runtime is necessary to validate their behavior.
Infrastructure - everything infrastructure-related—routers, switches, cloud, IoT, and supply chain—must be addressed with a Zero Trust approach.
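The per-request check described above (which critical asset is requested, who the user is, which application they are using, and whether identity and device have been verified) can be written as a default-deny decision function. This is an added example, not code from the original page or from any product; the asset names, roles, applications and the `decide` and `evaluate_session` functions are hypothetical, and the sample requests are constructed.

```python
from dataclasses import dataclass

# Constructed inventory of critical assets (the "Step 0" output). Each asset
# lists the only (role, application) pairs granted access: "least access".
POLICY = {
    "payroll-db": {("finance", "payroll-app")},
    "source-repo": {("engineering", "git-client"), ("engineering", "ci-runner")},
}

@dataclass(frozen=True)
class Request:
    user: str
    role: str
    mfa_verified: bool      # strong authentication completed for this session
    device_compliant: bool  # device integrity check passed
    app: str                # application identified on the connection
    asset: str              # resource being requested

def decide(req):
    """Evaluate one request; nothing is allowed by default or by network location."""
    rules = POLICY.get(req.asset)
    if rules is None:
        return False, "asset has no policy: default deny"
    if not req.mfa_verified:
        return False, "strong authentication missing"
    if not req.device_compliant:
        return False, "device integrity not verified"
    if (req.role, req.app) not in rules:
        return False, "role/application pair not granted for this asset"
    return True, "allow"

def evaluate_session(requests):
    """Re-check every request, so a posture change mid-session is caught."""
    return [decide(r)[0] for r in requests]

# Constructed sample requests covering each deny path.
SAMPLE = [
    Request("alice", "finance", True, True, "payroll-app", "payroll-db"),
    Request("alice", "finance", True, False, "payroll-app", "payroll-db"),  # device now non-compliant
    Request("alice", "finance", True, True, "ssh", "payroll-db"),           # right user, wrong application
    Request("bob", "engineering", True, True, "git-client", "payroll-db"),  # role not granted on this asset
    Request("bob", "engineering", False, True, "git-client", "source-repo"),  # no MFA
    Request("bob", "engineering", True, True, "git-client", "hr-share"),    # asset not in inventory
]

if __name__ == "__main__":
    for r in SAMPLE:
        print(r.user, r.app, r.asset, decide(r))
```

Only the first sample request is allowed; the second shows the same user and application being denied once the device check fails, which is the effect of validating every request rather than trusting the session.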
To learn more about Zero Trust and how to build a Zero Trust Enterprise, please visit www.paloaltonetworks.com/zero-trust