Zero Trust

(OBJ 1.2)

Perimeter structure

• Cybersecurity experts configure these networks with strong external defenses by using things like firewalls, intrusion protection systems, and other perimeter defenses
• Alternative: Protect the systems and data using multiple levels of encryption, secure protocols, data-level authentication, and other hist-based protection mechanisms
  • Using a perimeter-only structure is not gonna keep us safe
• Deperimeterization is increasingly becoming more agile for us as organizations to use.
  • The move to the cloud when combined with the rise of work from home has rapidly increased our ability to conduct secure operations within a deperimeterization architecture

Zero Trust definition

"Trust nothing and verify everything"

• Zero Trust demands verification for every device, user, and transaction within the network, regardless of its origin
• Ensure security of corporate networks and data
• Addresses the changing nature of work

Zero Trust Architecture (two planes)

• To create a zero trust architecture, we need to use two different planes

• Control Plane

  • Refers to the overarching framework and set of components responsible for defining, managing, and enforcing the policies related to user and system access within an organization
  • Control Plane typically encompasses several key elements
    • Adaptive Identity
      • User adaptative identities that rely on real-time validation that takes into account the user's behavior, device, location, and more
    • Threat Scope Reduction
      • Limits the users’ access to only what they need for their work tasks because this reduces the network’s potential attack surface
      • Focused on minimizing the "blast radius" that could occur in the event of a breach
    • Policy-Driven Access Control
      • Entails developing, managing, and enforcing user access policies based on their roles and responsibilities
      • Users only have access to data that is pertinent to their role.
    • Secured Zones
      • Isolated environments within a network that are designed to house sensitive data
      • Only users with the appropriate permissions can access these zones, this is a further layer of protection

• Data Plane

  • Ensures the policies are properly executed
  • Data plane consists of the following
    • Subject/System
      • Refers to the individual or entity attempting to gain access
    • Policy Engine
      • Cross-references the access request with its predefined policies
      • Rule book that determine whether the request aligns with permissions
    • Policy Administrator
      • Used to establish and manage the access policies
      • Dictates who gets access to what and ensures that the policies align with the organization's security protocols and business objectives
    • Policy Enforcement Point
      • Where the decision to grant or deny access is actually executed
      • Allow or restrict access
      • Acts as a gatekeeper

Zero Trust is a cybersecurity approach that assumes no user or system is trusted by default and requires continuous verification for access to organizational resources